It is time to revisit Data Clean Rooms, after dedicating seven previous episodes to the topic across both the English and Spanish-language channels. The convergence of advanced data management techniques, more mature Privacy Enhancing Technologies, and sophisticated 1st-party data-based collaboration scenarios (on the back of AI, retail media, and Connected TV) already calls for frequent updates. This is now accompanied by a more nuanced legal analysis that will benefit from the recent EDPS v. SRB (CJEU) case (on the relative nature of “personal data”).
Some common, burning questions that you will find answered in this episode: How do you apply Joint Controllership agreements to the various stages in common business cases? How do you handle more complex relationships involving two or more parties?
References:
Peter Craddock: EDPS v SRB, the relative nature of personal data, processors, transparency, impact on MarTech and AdTech (Masters of Privacy, September 2025)
Nicola Newitt (Infosum): the legal case for Data Clean Rooms (Masters of Privacy, March 2023)
Matthias Eigenmann (Decentriq): Confidential Computing, contractual relationships and legal bases for Data Clean Rooms (Masters of Privacy, March 2024)
Damien Desfontaines: Differential Privacy in Data Clean Rooms (Masters of Privacy, January 2024)
Fashion ID GmbH & Co. KG v Verbraucherzentrale NRW (CJEU, 2019): The operator of a website that features a Facebook ‘Like’ button can be a controller jointly with Facebook in respect of the collection and transmission to Facebook of the personal data of visitors to its website.
Digital Omnibus Regulation Proposal (EU Commission, November 19th 2025)
Meta Platforms Inc and Others v Bundeskartellamt (CJEU, 2023)










