Enhanced Conversions, Advanced Matching, Enhanced Matching – the last few years of marketing & tracking have basically revolved around one specific topic: How can we get more data, preferably personal ‘first party’ data like e-mails, phone numbers or even postal addresses?
I’m not here to discuss the sense and nonsense of this approach – at least not today. This certainly will be a topic for another day, though.
For this particular post, we will only consider this one fact: Privacy officers are usually not amused whenever a marketing person pays them a visit after yet another call with Google, talking about the newest customer matching features.
As the name already reveals, privacy officers are mostly there to keep private data private. So, of course, they are often kind of hesitant when it comes to passing first party user data to Google, Meta, Snapchat, TikTok, Pinterest and all the countless other Ad and Analytics Platforms.
Google obviously also noticed this. In comes “Confidential Matching”.
What is Confidential Matching?
To put it in Google’s words:
Confidential matching is a feature of Google Ads Data Manager that allows marketers to use their first-party data for matching using confidential computing.
So, summarized in only one sentence, Confidential Matching is a First-Party-Data-Feature.
Simply put, confidential matching is a new first-party data feature that, through newly applied technology and processing methods, aims to provide more privacy and security for end users. At first glance, the announcement kinda reads like Customer Match is given a fancy new look and a slightly better way of processing the data and that’s about it.
Of course, it’s not quite that simple.
Alright, let’s start at the very beginning: What even is Confidential Computing? Is it just another fancy Google Product?
Nope, Confidential Computing itself does not have anything to do with Google in the first place. It’s actually a very popular and well-established technology that is used throughout various businesses and industries.
Confidential Computing basically ensures that private data is not only encrypted, but also isolated. You can imagine it as if the personal data is stored in a tiny box, this box is locked and only a very specific key can open it and access the data. This key is very well hidden, though, so that only specific functions and parts of the process are able to find the key, use the key, unlock the box and therefore use the data stored in the box.
If you want to read a deeper technical explanation of how Google puts the confidential computing technology to use and how the information structure and the data streams are built, Google’s got you: Chanda Patel (Senior Staff Software Engineer at Google), John Tobler (Senior Director of Engineering at Google) and Quaseer Mujawar (Product Owner for Confidential Matching at Google) published a more detailed documentation on GitHub.
For marketing purposes, the most important takeaway here is: Yup, we’ve got an additional layer of security here.
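The locked box and the well-hidden key described above, as a small Python model (an added example, not Google’s code and not taken from the linked documentation): a key broker hands out the data key only to code whose hash is on an approved list. The HMAC is a stand-in for a real hardware signature, and `KeyBroker`, `measure`, `attest` and the two sample workloads are made-up names for illustration.

```python
import hashlib
import hmac
import secrets

# Stand-in for the hardware vendor's signing key (assumption: real TEEs use
# asymmetric signatures chained to a vendor certificate, not a shared HMAC key).
HARDWARE_KEY = secrets.token_bytes(32)

# Constructed sample workloads: the approved matching code and a modified copy.
MATCHING_CODE = b"def match(ours, theirs): return ours & theirs"
MODIFIED_CODE = b"def match(ours, theirs): export(ours); return ours & theirs"

def measure(code: bytes) -> str:
    """Measurement: a hash of exactly the code loaded into the enclave."""
    return hashlib.sha256(code).hexdigest()

def _sign(measurement: str, nonce: bytes) -> str:
    return hmac.new(HARDWARE_KEY, measurement.encode() + nonce, hashlib.sha256).hexdigest()

def attest(code: bytes, nonce: bytes) -> dict:
    """Simulated hardware report: 'this code is running', signed, bound to a nonce."""
    m = measure(code)
    return {"measurement": m, "nonce": nonce, "signature": _sign(m, nonce)}

class KeyBroker:
    """Holds the key to the box; releases it only to approved, freshly attested code."""
    def __init__(self, approved_measurements):
        self.approved = set(approved_measurements)
        self._data_key = secrets.token_bytes(32)
        self._open_nonces = set()

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self._open_nonces.add(nonce)
        return nonce

    def release_key(self, report: dict):
        nonce = report["nonce"]
        if nonce not in self._open_nonces:
            return None                      # unknown or replayed report
        self._open_nonces.discard(nonce)     # each challenge is single-use
        expected = _sign(report["measurement"], nonce)
        if not hmac.compare_digest(expected, report["signature"]):
            return None                      # not signed by the hardware
        if report["measurement"] not in self.approved:
            return None                      # code differs from what was approved
        return self._data_key
```

A broker built with `KeyBroker({measure(MATCHING_CODE)})` releases the key for a fresh report from `MATCHING_CODE`; a report from `MODIFIED_CODE`, a replayed report, or a report with a swapped-in measurement gets nothing.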
“That’s amazing! How do I implement this?”,
is what you might be thinking. The answer is “you don’t!”.
The data collection itself won’t change, so you don’t have to implement Confidential Matching manually. Rather, Confidential Matching comes into play in the processing part, after we’ve passed the data, so it’s more of a background process we couldn’t influence anyway.
This is good, because it means we don’t have to change anything and Confidential Matching is activated and implemented automatically whenever we’re using the Customer Match Feature in Google Ads (with probably more features to come).
So… Is Privacy no longer an issue?
This would be great. But as I said, we still don’t have any influence on how the data is processed. That’s nothing new; it has always been like that, and it probably won’t ever change.
So, Confidential Matching might have sounded a bit too good to be true.
While the confidential matching process, specifically the “attestation” part of it, seems to make sure that the data is used and processed “as intended”, we still don’t quite have any reliable information about what this means exactly. Like, what does “as intended” mean?
The definition of what “as intended” includes in detail isn’t open to the public, at least as far as I know. So the underlying issue businesses had with Customer Match still stands: We’ll be passing user data without quite knowing what happens after we’ve passed it.
Therefore, the answer to…
“Can I use Confidential Matching without Consent?”
is an easy one.
No, you can’t. Whether we’re talking “old” Customer Match without or “new” Customer Match with Confidential Matching – the bottom line stays the same:
We’re passing personal user data to Google, so we need to collect the users’ consent first.
Isn’t it quite comforting to see that, even with all these changes, this one legal and moral rule always stays the same? 🙂