It’s an exciting time to be in the field of health-related, data-driven analytics. While there is increasing uncertainty due to the evolving regulatory and technology landscape, measuring health campaigns while ensuring privacy compliance is easier than ever. The industry now benefits from platforms designed to unify data for measurement while better protecting individual datasets. These platforms, commonly known as clean rooms, allow for maximum analytical flexibility while keeping datasets private.
For a long time, companies struggled to share proprietary datasets because of the risk that they could get into the wrong hands. That is where clean rooms shine: they allow two companies to merge their data together to strengthen analytics capabilities—without requiring access to each other’s datasets on a granular, individual level. This allows for analyses that, historically, were nearly impossible.
Here’s an example of what a thoughtful clean room practice might look like in real life:
- A health website serves a brand’s ads to build awareness around the importance of getting vaccinated for a condition at a specific pharmacy chain.
- The pharmacy chain has its own campaign in addition to the one on the health website.
- Both the website and the pharmacy would like to know how many of the vaccines administered by the pharmacy were originally messaged by the health website. Neither wants to know who the individuals are.
- For privacy reasons, neither the media company nor the pharmacy is willing to provide the other with its respective customer data.
- To perform the necessary analytics, both parties can place their respective data in a third-party clean room environment, with each dataset stripped of its personally identifiable information (PII). This way, they can run counts of how many people were both exposed to the website campaign and vaccinated at the pharmacy.
Using the above clean room approach, the website would not know which of its visitors got a vaccine, nor would the pharmacy know which of its customers visited the website. But both parties are able to determine the primary metric they care about: how many people acted upon the campaign.
Clean room analytics can help to mitigate the exposure of proprietary and sensitive datasets. But, as highlighted by the FTC’s recent discussion about clean rooms, it requires some additional technical and organizational measures, such as:
- Confirming that the dataset sitting in the clean room does not include PII.
- Ensuring that neither the dataset nor the analytics can be used or reverse-engineered to link the dataset back to a user or device, either on its own or in combination with any other dataset in the environment.
- Enacting measures preventing the dataset from being used for any purpose other than the analysis within the clean room environment. Uses that may not be consistent with a clean room use case can include integration of a dataset into a larger dataset, improving an existing dataset, or using data for monetization.
- Sourcing the datasets in a manner compliant with applicable federal and state laws, regulations, and guidelines, including those protecting the privacy of individuals within a dataset.
Just this year, the FTC’s X-Mode case provided a telling example of the FTC holding a company responsible not only for collecting and using data in a manner consistent with applicable notices and opt-ins, but also for ensuring that third parties from whom such company sourced any data did the same.
Here are some best practices that companies follow when implementing a clean room arrangement:
1. Partner Documentation. As a starting point, a partner needs to have a properly documented flow of their data indicating where your data will and won’t be accessible. This includes where data is stored; who has access to the data; what protection is in place for the data; the specific categories of uses of the data; any potential privacy, security, or other risks associated with the processing of the data; and any mitigation measures to protect the datasets. If a company is unable or unwilling to share this, that’s a red flag. It’s also important to assess a potential partner’s proprietary models and analytics methodologies.
2. External Assessments. While partner documents are essential, only third-party assessments or audits can provide heightened assurance around certain data processing risks. Ideally, an independent third party should evaluate datasets and use cases to confirm there’s no risk of reverse-engineering the data to develop a unique identifier or otherwise re-identifying individuals, devices, or households. A strong partner should provide a letter from the third party outlining what was reviewed and which parts of the process are covered. This letter should not need to include confidential or proprietary information; it simply confirms that the process meets necessary legal standards without revealing sensitive details.
3. Transparency. Clear, accurate communication around data use helps build trust and reduces risk. So, once the datasets and processes are evaluated for privacy and security risks, the next step is updating privacy policies and any other messaging around your use case. Make sure it’s easy to understand. X-Mode and similar enforcement actions as well as the FTC’s commentary on data clean rooms underscore the importance of transparency.
4. Tokenization. Once you’re gearing up to combine datasets, there are additional layers of controls to put in place. Tokenization—a process that replaces identifiable data elements with an alternative identifier, or “token”—enables the combination of datasets without revealing identities. While some companies develop their own tokenization, working with a trusted third-party provider helps keep identifiable data separate from tokenized data. Be cautious, though: tokenization alone doesn’t guarantee that PII will be fully protected.
5. Contractual Compliance. It’s crucial for both parties to outline the datasets being exchanged, the exact scope of use, and any restrictions and obligations expected on both ends. You can use a master agreement or a specialized data use or processing agreement.
6. Data and Purpose Limitation. Limit data sharing and permitted uses to only the datasets needed for specific, intended purposes. Sharing excess data can increase the risk of misuse, even with contractual safeguards in place.
7. Third-Party Due Diligence and Verification. When sharing data with, or receiving data from, third parties, it’s crucial to conduct due diligence on the data processing practices of those involved. For instance, the FTC ruled that X-Mode’s contractual limits on customer data use were insufficient. The FTC also held X-Mode accountable for not addressing inadequate notice practices among its data sources.
8. Limiting Output. A key aspect of using a clean room is setting strict rules on data extraction, such as restricting the ability for PII to be extracted. These types of controls help prevent accidental or intentional data misuse.
9. Existing Data Partner References. If you are interested in taking your due diligence a step further, existing partners can share insights from their experiences that formal verification might miss. This is why it can help to speak with people at companies that already share data with, or receive data from, the third party you’re evaluating.
10. Privacy-Enhancing Technologies. There are tools to help you run analytics in a clean room while elevating data protection and privacy. These tools are often called privacy-enhancing technologies, or PETs. Here are a couple of examples of widely accepted PETs:
- Differential privacy, a method whereby you add a bit of random information (noise) to a dataset so that data patterns can be analyzed without revealing identifying information.
- Synthetic data, which is fake data that mimics real data, allowing analysis without exposing actual people’s details.
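To make the website-and-pharmacy scenario above concrete, here is an added example (not code from the original article or from any clean room vendor) that ties together tokenization, output limiting, and differential privacy: each party replaces its identifiers with keyed tokens, and the clean room answers only one question, a noisy overlap count that is suppressed when the group is too small. The identifiers, the provider key, and the threshold values are all constructed for illustration.

```python
import hmac, hashlib, math, random

# Constructed sample identifiers (hypothetical; not from any real campaign).
WEBSITE_EXPOSED = ["alice@example.com", "Bob@Example.com ", "carol@example.com", "dave@example.com"]
PHARMACY_VACCINATED = ["bob@example.com", "carol@example.com", "erin@example.com"]

# Hypothetical key held only by the tokenization provider, never by either party.
# A keyed hash matters: an unkeyed hash of an e-mail address can be recomputed
# by anyone with a list of candidate addresses, so it is not a true token.
PROVIDER_KEY = b"constructed-demo-key-not-for-production"

def tokenize(identifier: str, key: bytes = PROVIDER_KEY) -> str:
    """Replace an identifier with an HMAC-SHA256 token. Normalizing first makes
    the same person match across both datasets despite case or spacing."""
    normalized = identifier.strip().lower().encode()
    return hmac.new(key, normalized, hashlib.sha256).hexdigest()

def tokenize_dataset(identifiers):
    """Run by each party on its own side; only tokens ever enter the clean room."""
    return {tokenize(i) for i in identifiers}

def laplace_noise(scale: float, rng) -> float:
    """Sample Laplace(0, scale) by inverse CDF from a uniform draw."""
    u = rng.random() - 0.5
    return -scale * math.copysign(1.0, u) * math.log(1 - 2 * abs(u))

def clean_room_overlap(tokens_a, tokens_b, min_count=10, epsilon=1.0, rng=None):
    """The only query the clean room exposes: how many tokens appear in both sets.
    Output limiting: no rows or tokens are returned, only an aggregate, and the
    aggregate is suppressed (None) below min_count so a tiny group cannot be
    singled out. Differential privacy: Laplace noise with scale 1/epsilon is
    added, since one person changes the count by at most 1."""
    true_count = len(tokens_a & tokens_b)
    if true_count < min_count:
        return None
    rng = rng or random.SystemRandom()
    return max(0, round(true_count + laplace_noise(1.0 / epsilon, rng)))

if __name__ == "__main__":
    site_tokens = tokenize_dataset(WEBSITE_EXPOSED)
    pharmacy_tokens = tokenize_dataset(PHARMACY_VACCINATED)
    # With only a handful of constructed records the result is suppressed;
    # a real campaign's overlap would clear the threshold and return a count.
    print("overlap:", clean_room_overlap(site_tokens, pharmacy_tokens))
```

Neither party ever sees the other's tokens in this design; they see only the returned count, which is the metric the scenario says both actually care about.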
While not a compliance-free zone, a true clean room enables you to combine datasets and perform analytics that yield otherwise hard-to-obtain insights. The right vendors—and the organizational measures outlined above—make the clean room an invaluable tool for pharma marketers. To take full advantage, look for a partner that uses clean rooms with thoughtful controls in place for health campaign measurement and analytics.