Masters Of Privacy

Will Data Clean Rooms live up to their privacy-preserving expectations? How specifically do they solve the GDPR compliance challenge?

Nicola Newitt is a UK qualified lawyer who trained in private practice and worked at Slaughter and May before moving in-house to start her privacy career in Bupa’s international health insurance business. She is now Senior Privacy and Product Counsel at InfoSum, a leading data clean room.

With Nicola we have covered a very hot topic for anyone in the Marketing Technology or AdTech spaces. Our discussion included the following questions:

• Who’s the controller and who’s the processor in a Data Clean Room (or data collaboration) scenario? Do we have a joint controllership when for instance a publisher or a retailer partners with a consumer brand?
• Which legal basis do we rely on for each of its three main use cases?
• Can different options at data activation level alter our legal approach or safeguards?
• How does an independent Data Clean Room compare to a Walled Garden Clean Room from a privacy point of view?

References:

• InfoSum documentation
• FashionID case
• EDPB Guidelines on targeting of social media users
• EDPB Guidelines on the concept of controller and processor
• Experian vs. Information Commissioner’s Office