Data Clean Rooms: Enabling Analytics, Protecting Privacy

AWS announced AWS Clean Rooms, a new analytics service that helps companies across industries easily and securely analyze and collaborate on their combined datasets without sharing or revealing underlying data, according to an announcement at the AWS re:Invent.

While the packaged service is new at Amazon Web Services, it’s not a new concept for data pros, and Amazon is not the first to offer such a service. Yet the fact that Amazon is offering such a service indicates the idea is becoming mainstream.

Just what are data clean rooms? How are they used and why are they growing in popularity today?

What are Data Clean Rooms?

First, data clean rooms aren’t actual physical rooms. They are virtual constructs made up of tools that are designed to help organizations share sensitive data in a safe way that protects personally identifiable information and also protects the trade secrets and proprietary information of organizations.

Forrester analyst Tina Moffett explains that fundamentally, data clean rooms are a data collaboration tool that allows data to be used collaboratively across organizations and even outside organizations, but in a way that preserves privacy and follows data governance rules.

This is not a new concept. Several industries have previously used such tools to share highly sensitive documents; for instance, documents used in merger and acquisition activities.

“Now marketers have started to think about how they could use clean rooms as a way to share data with their publisher partners because of the depreciation of the third-party cookie.”

Third-party cookies are the cookies that allow organizations to track your activity and behavior across multiple websites. They are why you keep seeing that same advertisement follow you from site to site. Many web browsers now block third-party cookies and Google has said that its Chrome browser will start blocking third-party cookies in 2024. (Google originally set 2022 as the date for this but has allowed it to slip a few times already.)

Moffett says that the demise of the third-party cookie is one of four big shifts that are changing the landscape for marketing and advertising data -- something that Forrester is calling data depreciation. The other areas are the rise of “walled gardens” or sites such as Facebook or certain publishers, growing awareness of privacy issues among consumers, and an expanding privacy regulatory environment.

Privacy Considerations in Data Clean Rooms

According to Forrester, to qualify as a data clean room, security and privacy controls must be embedded in the tool so that enterprise and customer data is protected before it’s shared and analyzed. This means they must include strong identity and access management capabilities, and encryption of data entering the “clean room,” among other protections.

But it’s not just the tools that need to incorporate these protections. Forrester says that clean rooms must have processes in place to protect privacy, too. For instance, a critical process would include normalizing data before entering the room and verifying the degree of de-identification when data leaves the room. Another essential piece is a process to assess risks in the data clean room, according to Forrester.

Forrester lists two other keys to data clean rooms: transparent data governance controls, and a self-governing analysis experience.

One data clean room provider is Snowflake. Originally known for its cloud data warehouse services, the company was already known for working with end-customer data, and it was talking about data clean rooms back in January 2020 as a way to continue data analysis while abiding by new regulations such as GDPR and the California Consumer Privacy Act.

Bill Stratton, global head of media, entertainment, and advertising at Snowflake, says that data sharing and data collaboration was the next evolution of Snowflake beyond the data warehouse.

“A clean room is an approach to using data sharing and data collaboration, but with the highest privacy and governance functions,” he says. “A data clean room is like the next version of data collaboration that actually has all the privacy and governance controls.”

Snowflake’s data clean room service allows existing customers to look at a marketplace of other customers who are open to inquiries of data sharing. AWS’ new data clean rooms are offering a similar experience where customers can easily find other AWS customers who are willing to do a data share.

For enterprises contemplating the use of a data clean room, Forrester recommends careful vetting of partners in terms of their privacy and governance practices and also putting in place a way to measure the return on investment.

Who are the Data Clean Room Providers?

According to Forrester, the data clean room provider landscape spans multiple categories including advertising or marketing tech providers such as Adobe and Salesforce; closed ecosystem providers such as Amazon and Walmart; as well as data connectivity providers, data governance providers, data management providers, and security and privacy providers.

And while data clean rooms can provide a lot of value for publishers, media giants, and those in closed ecosystems, the jury is still out on whether they can deliver the value for marketers. What’s more, Forrester says, they don’t automatically solve the customer trust problem. Most customers don’t know or care about data clean rooms, the firm points out in a report, and using a data clean room is not going to make a customer trust you with their data.

What to Read Next:

Data Strategy: Synthetic Data and Other Tech for AI's Next Phase

Can Data Collection Persist Amid Post-Roe Privacy Questions?

Businesses Grappling With Post-Roe Data Privacy Questions