Sign Up for Alerts
Sign up to receive receive industry-specific emails from our legal team.
Sign Up for Alerts
We provide tailored, industry-specific legal updates to our clients and other friends of the firm.
Areas of Interest
April 1st, 2022
Are “Privacy-First” Clean Rooms Safe From Regulators?
Privacy & Data Security Group Chair Daniel M. Goldberg was quoted in the article, “Are ‘Privacy-First’ Clean Rooms Safe From Regulators?” published by Cybersecurity Law Report. The article discusses “data clean rooms” which enable companies to share consumer data with each other for targeted marketing while supposedly protecting privacy. Daniel is quoted saying, “Does this really move the industry forward? Or are we solving the issue of the disappearing third-party cookie, but bringing companies another bucket of privacy concerns?” He adds, “Not all data clean rooms rely on the same technology or security measures. They definitely could be subject to scrutiny, especially by regulators who don’t understand the technical nuances in the technology.”
Daniel comments on the claimed protections of a clean room, “you can use your first-party data to facilitate the types of advertising that you wanted to do previously. Don’t worry about the fact that third-party cookies are going away. We will still allow you to achieve what you need to be achieving.” Companies having an interest in clean rooms is positive, Daniel noted. This shows a company is “already thinking about the sophistication and importance of deidentifying data and the security around it,” he said.
Daniel says, “From a regulatory perspective, using a clean room sounds great in theory” because clean rooms have promoted themselves as privacy secure. However, Daniel notes, “clean rooms each have their secret sauce, with proprietors citing ‘fragmented architectures’ and other obscure approaches to protect PII.” One recently acquired start-up, DataFleets, noted that its clean-room technology “is very cutting edge and uses privacy-preserving algorithms coming out of academia and other corporate research programs.”
Regulators have already batted at adtech magic, Daniel said. They may look past the de-identified means of data sharing to focus on its ends: companies are using clean rooms to effectively target consumers on a one-to-one basis. He says, “A regulator's interpretation may be that there should not be any individually targeted ads in the ecosystem at all, period."
Given the potential regulations with clean rooms Daniel says, “Companies should investigate how the provider strips out identifiers and stops reversals of the process. Companies must confirm the clean room’s deidentification approach sufficiently ensures that one is not able to re-identify people in any context.” Daniel advises, “Companies should check the security of the systems to ensure that access restrictions are operating and rely on two-factor authentication or stronger measures.”
Daniel suggests a marketing or sales team to learn about the contract language review, “A marketing team or sales team is talking to the sales representative of the clean room, who will make all these promises around how it works. When you look at the contractual language, it doesn’t necessarily impose all those obligations or expressly state or incorporate those,” he said.
“Get on the line with the technical team, those who actually are responsible for the product, so they can explain to you how the product works,” Daniel says. Ask questions around what data goes in and how the data is joined with other data. What type of analytics can each party perform on the data? Companies considering using a clean room should confirm that the contract specifies the implementation measures, Daniel adds. The contract also should show what type of data can leave the room. “One reason that these clean rooms exist and are effective is because they compile the data of many, many different customers,” Daniel adds in conclusion.
Read the full article here. (Behind paywall)
Other Quoted
An Influencer Gained Followers as She Documented Her Weight Loss. Then She Revealed She Was on a GLP-1
Hannah E. Taylor is quoted in The Wall Street Journal about social media influencer Janelle Rohner, who shared her weight loss progression with diet and lifestyle tips, selling a paid course on nutrition. When Ms. Rohner posted she was taking a medication used for weight reduction and diabetes, her critics questioned her the legality of her advertising and e-commerce. The article stated, “Hannah Taylor, deputy managing partner and a partner in the advertising, marketing and public relations group at law firm Frankfurt Kurnit Klein & Selz, said proving an influencer acted fraudulently is a high bar because many jurisdictions require showing that the defendant had an intent to deceive. False advertising is typically easier to prove. Taylor said if someone had purchased the course believing that it led to Rohner’s weight loss, when in fact the medicine was the cause, that could be a material omission that could subject the influencer to false advertising liability.” View article.
May 30 2025
Mubi’s $24M Bet Just Made Agents Bullish Again. Here’s Why
Hayden Goldblatt is quoted in The Ankler article on Mubi’s purchase of Lynne Ramsay's film, “Die, My Love,” and what it meant for the Cannes market. He’s interviewed on “the real lessons from Cannes.” View article. (Behind paywall)
May 27 2025
A Federal Judge Ordered OpenAI to Stop Deleting Data
Daniel M. Goldberg is quoted in an Adweek article, which reported that a federal judge has ordered OpenAI to stop deleting output data from ChatGPT. This was part of The New York Times lawsuit, alleging OpenAI engaged in copyright infringement “by using ‘millions’ of articles published by the newspaper to train its AI model, which now directly competes with the Times’ content as a result.” The judge’s order seeks to preserve evidence in the Times’ case. Mr. Goldberg addressed mulitple implications of the order, which requires OpenAI to hold more data than they normally would. "That could make OpenAI more susceptible to security breaches, or shake the trust of consumers who expected their chatbot records to be deleted. There are also potential implications regarding energy use, storage and environmental impact that the judge may not have considered when making the order, Goldberg said." He also noted the order would trigger people's concerns about what it means for working with large tecnology providers.
May 21 2025
