Is Confidential Computing the Future of Personalized Advertising?

Reconciling data privacy and personalized marketing is an exceedingly big challenge that affects advertisers and individuals at the same time. Either data protection is in the way for advertising companies to present their services and products to the relevant target group, or private individuals complain about loss of control of their personal data.

This dilemma not only affects Swiss companies and the Swiss population, but is rather a global problem. And the hankering for a good solution is becoming increasingly urgent. Stricter data protection guidelines place enormous restrictions on companies in their advertising activities, which can have a massive impact depending on the companies' products and offerings. For example, with Apple's restrictive data protection as of 2021, Meta's revenue has plummeted by several million.

At the same time, various surveys reveal the increasing insecurity of end users. A study by the German Society for Online Research DGOF shows that three quarters of Germans feel they have less control over their personal data than they did ten years ago.

The end of personalized advertising?

Three developments underlie the challenges of personalized advertising. First, privacy is assigned a greatly increased relevance. As a result, data-related laws and regulations such as the GDPR or the California Consumer Privacy Act (CCPA) are currently being massively tightened. Companies, for example from the healthcare or banking sectors, have their hands tied when it comes to using their data externally. This affects the sensitive data of banks, doctors and health insurance companies. In addition, third-party cookies will be abolished by 2024. Google is thus meeting the needs of private individuals - and at the same time turning the advertising market for companies upside down. The advertising industry is dependent on new technologies for personalized and at the same time privacy-compliant advertising.

At the same time, new companies are entering the advertising platform market. For example, Apple has already banned cookies for iPhone users in 2021, thus stealing a large part of the clientele from existing advertising platforms. The company is currently reported to be in the Financial Times work to grow their own ad business and follow in the footsteps of Meta, Amazon and Google.

Recently, opinions have been divided on the side of private individuals. While some see personalized advertising as added value, others feel it is a nuisance. But regardless of whether they appreciate it or not, what unites private individuals to a large extent is a lack of data awareness - an awareness of when and where personal data is passed on. Among other things, this also stems from a lack of transparency on communication platforms.

According to a report by Bakom from 2021, there is a great lack of transparency on communication platforms with regard to data handling. The platforms hardly provide any information about how data is collected from users and why certain ads are played to specific users. The lack of information about the data situation is not only problematic for research and politics, but also for private users: Without sufficient information about data collection and data use, no education can take place in this area.

Regardless of which party you belong to, personalized advertising is becoming increasingly difficult and requires new approaches that function in compliance with data protection laws.

Confidential computing solves the problem

What can combine the best of data protection and advertising is "Confidential Computing", i.e. the creation of an isolated environment in which data can be processed protected from unauthorized access or manipulation. So-called data clean rooms run on a cloud computing platform and allow advertisers to synchronize and gain insights from their encrypted first-party data with also encrypted first-party data from third parties. This is intended to allow companies to serve ads targeted to clusters of people despite the lack of third-party data. Since this data synchronization is done in the data clean rooms, no party can decrypt the data at any time, which is compliant even with particularly strict data protection regulations and does not affect the privacy of private individuals in any way.

The data of the users or the target group does not have to be given out of hand for this purpose and no party - not even technology providers or cloud services - have access to the raw data. Advertising can be targeted to aggregated target group segments and not to individuals, as is the case with first party data. However, online campaigns can still be implemented in a targeted manner and, at the same time, in compliance with data protection laws and optimized on an ongoing basis.

Data Clean Rooms as the center of a first-party data strategy

Goldbach, for example, uses this technology together with several partners. Data clean rooms enable advertisers to define target groups on the basis of existing information such as e-mail addresses and to match them with the corresponding data pools of the marketers by means of data onboarding. Marketers can thus activate these target groups on their inventories independently of third-party cookies, across devices, and in compliance with data protection laws. Furthermore, applications such as lookalike modeling or exclusion targeting can be implemented in this way.

Goldbach's case shows that the combination of advanced analytics, supported by privacy-friendly technologies like Data Clean Rooms, can be a central pillar of a future-proof first-party data strategy in the media sector. As Jochen Witte, CTO of Goldbach, puts it, "It's a win-win situation for companies and user privacy."

* Maximilian Groth is co-founder and CEO of Decentriq. The enterprise SaaS platform provides secure and compliant data clean rooms and specifically targets the advertising dilemma. With DCR, companies can match encrypted data and draw conclusions that matter to business while maintaining data privacy.