What Advertisers Need to Know About Google Trusted Execution Environments
If you’re in the marketing ecosystem, it’s no surprise to hear that advertisers are facing increasing challenges in leveraging first-party data to effectively reach their target audiences. Regulations, platform changes, and growing consumer concerns about privacy have made it difficult to balance personalized advertising with user protection.
Advertisers play a critical role in commerce by delivering relevant ads and driving customer engagement. They need secure systems to collect, process, and share data while maintaining compliance with privacy laws.
So, how can advertisers ensure they’re able to get the insights they need to grow all while keeping privacy top of mind? Enter: Confidential computing, a groundbreaking solution powered by Trusted Execution Environments (TEEs) from Google that promises to transform data security and privacy in advertising. In this post we’ll cover everything you need to know about confidential computing and TEEs including benefits, how they work, and the overall impact to advertisers. Let’s dive into it.
What are TEEs?
Many marketers took notice when Trusted Execution Environments (TEEs) were first mentioned at Google Marketing Live, but details have been scarce until now. This morning, Google introduced confidential matching, which applies confidential computing technology. TEEs are the heart of confidential computing, and act as secure “lockboxes” where data is processed in an isolated environment. Even system administrators or other parties facilitating the data cannot access the raw data. TEEs enable multiple businesses to share encrypted data in a secure manner, allowing insights to be drawn without exposing any private, identifiable information.
Previously, advertisers needed to go through a complex process to ensure privacy (e.g., finding a third-party clean room provider), but now this is automated within the Google Ads system.
An example of how the TEE framework will work to share 1st party data privately & securely
TEEs Key Features
TEEs boast a variety of exciting key features. Let’s take a look at each…
Secure Data Sharing: TEEs allow multiple companies to bring their data to a shared, encrypted environment, ensuring that sensitive information remains confidential. For example, an advertiser and a publisher can match user data without either knowing the other’s complete list of users. This allows businesses to analyze aggregated data all while maintaining privacy.
Aggregation and Minimization: Data is aggregated and minimized within the TEE, providing useful insights without exposing individual-level data. This limits exposure of data. For example, ensuring that row-level data or unmatched data does not leave the confines of the TEE based on code policies.
Enhanced Privacy Protections: Confidential Computing ensures that personal data is processed securely, with protections built into the system by default, giving advertisers visibility into how their data is used with potential use for governance and regulatory management.
Attestation: TEEs provide an “attestation,” or proof, that data has been processed securely without any unauthorized access. This provides businesses with confidence in the security of their data operations in the form of a “receipt”.
“Attestation is a significant advancement for data chain of custody. Unlike other platforms that claim they won’t share data, this one ‘proves’ it.”
Simon Poulton EVP of Innovation and Growth at Tinuiti
How TEEs Works
Google is incorporating Confidential Computing into its advertising products, starting with confidential matching in Google Ads. Confidential matching allows advertisers to securely match their first-party data with Google’s first party data in a TEE, ensuring that only matched data is processed. Unmatched data is simply deleted within the TEE itself, ensuring Google never learns any unmatched first-party data.
For small and medium-sized businesses, this offers a streamlined, secure way to process data without needing additional resources or costs. Google plans to expand this technology to more products, such as Enhanced Conversions, based on feedback from advertisers.
“Integrating TEEs with Enhanced Conversions for web and Customer Match addresses previous concerns brands had about sharing first-party data with Google.”
Simon Poulton EVP of Innovation and Growth at Tinuiti
A key goal of Google’s Confidential Computing initiative is to democratize access to privacy-enhancing technologies. By integrating these technologies directly into the Google Ads ecosystem, advertisers of all sizes can easily leverage privacy protections. Google is also open-sourcing its Confidential Computing code and partnering with industry bodies like the IAB Tech Lab to normalize and standardize these types of solutions across the advertising ecosystem.
TEEs Benefits for Advertisers
TEEs offer a host of benefits for data security and privacy. By providing a secure, encrypted environment for processing sensitive information, TEEs not only enhance data protection but also streamline compliance with privacy regulations. Let’s break down a few of TEEs key benefits.
Simplified Privacy Compliance: By integrating privacy protections into the system, Google helps ease the burden for advertisers managing complex data-sharing processes or negotiating with third parties.
Increased Security and Transparency: Advertisers can trust that their data is processed securely and receive verifiable proof through attestations.
Opportunities for New Insights: TEEs enable the processing of row-level data in ways that were previously not possible, potentially unlocking new insights and performance capabilities in a privacy-preserving way.
Support for Additional Participants: Google has open-sourced reference architecture that highlights different configurations ranging from multiple participants (e.g., two or more data owners sharing data) to third parties owning key management and privacy policies (e.g., a 3rd party owning the infrastructure and data owners sharing to this infra, ensuring distributed trust) to provide added transparency.
Integration with Existing Systems: By integrating confidential computing into platforms like Google Ads, advertisers can leverage advanced privacy features without needing significant additional resources or technical expertise.
Support for Downstream Use Cases: TEEs could support advanced use cases by enabling secure processing for incrementality studies to measure the true impact of advertising efforts, facilitating conversion modeling to analyze aggregated data for optimizing marketing strategies, and allowing secure data sharing among partners for collaborative data-driven marketing strategies.
Will TEEs Replace Ads Data Hub (ADH)?
Many marketers are wondering if TEEs will replace ADH and the answer is no. ADH remains a core tool for many advertisers, but the goal is to democratize access to privacy-enhancing technologies for all advertisers, including small and medium businesses. Simon Poulton, EVP of Innovation and Growth at Tinuiti noted that “ADH didn’t quite meet expectations for many advertisers. We’ll have to see if this new solution lives up to what’s anticipated.”
Conclusion
Ensuring the security and privacy of data is more crucial than ever for advertisers. Confidential computing represents a significant advancement in this area, offering solutions for data protection while enabling effective, privacy-conscious advertising strategies. With benefits ranging from enhanced security and simplified compliance to support for advanced data analysis and secure collaboration, TEEs provide a powerful tool for navigating the complexities of modern first-party data management. For more insights on how TEEs can transform your data practices and drive more effective marketing results, contact Tinuiti today.
You Might Be Interested In
