Nicola Newitt is a UK qualified lawyer who trained in private practice and worked at Slaughter and May before moving in-house to start her privacy career in Bupa’s international health insurance business. She is now Senior Privacy and Product Counsel at InfoSum, a leading Data Clean Room. With Nicola we have covered a very hot topic for anyone in the Marketing Technology or AdTech spaces. Our discussion included the following questions: Who’s the controller and who’s the processor in a Data Clean Room scenario? Do we have a joint controllership when for instance a publisher or a retailer partners with a consumer brand? Which legal basis do we rely on for each of its three main use cases? Can different options at data activation level alter our legal approach or safeguards? How does an independent Data Clean Room compare to a Walled Garden Clean Room from a privacy point of view? References: InfoSum documentation FashionID case EDPB Guidelines on targeting of social media users EDPB Guidelines on the concept of controller and processor Experian vs. Information Commissioner’s Office