Both parties must approve it before execution
Who this is for:
Architecture / Concept Overview: Both parties must approve it before execution
A Clean Room acts as a trusted intermediary where collaborators define the computation, contribute data, and receive only approved outputs. Neither party sees the other's raw data.
%%{init: {"theme":"base","themeVariables":{"background":"#0B0E14","primaryTextColor":"#E0E6ED","lineColor":"#5D6470","darkMode":true,"primaryColor":"#2E4A4A","secondaryColor":"#374151","secondaryTextColor":"#E0E6ED","tertiaryColor":"#111827","tertiaryTextColor":"#E0E6ED","edgeLabelBackground":"#1f2937"}}}%%
flowchart LR
classDef source fill:#3F4B59,stroke:#9CA3AF,stroke-width:2px,rx:8,ry:8,color:#E0E6ED
classDef ingestion fill:#5A4B36,stroke:#C9A86B,stroke-width:2px,rx:8,ry:8,color:#E0E6ED
classDef processing fill:#535072,stroke:#8E82B4,stroke-width:2px,rx:8,ry:8,color:#E0E6ED
classDef storage fill:#2E4A4A,stroke:#5FAFA8,stroke-width:2px,rx:8,ry:8,color:#E0E6ED
classDef serving fill:#3D5550,stroke:#6BB7AA,stroke-width:2px,rx:8,ry:8,color:#E0E6ED
classDef governance fill:#5A3F52,stroke:#C28BB0,stroke-width:2px,rx:8,ry:8,color:#E0E6ED
A[Party A Data] -->|Contribute| D[Clean Room Environment]
B[Party B Data] -->|Contribute| D
C[Approved Notebooks / SQL] -->|Run| D
D -->|Aggregated Results| E[Party A Output]
D -->|Aggregated Results| F[Party B Output]
D -->|Governed by| G[Clean Room Policies]
A:::source
B:::source
C:::processing
D:::governance
E:::serving
F:::serving
G:::governance
*Both parties contribute data to the Clean Room, approved computations run inside, and only aggregated results are released.*
%%{init: {"theme":"base","themeVariables":{"background":"#0B0E14","primaryTextColor":"#E0E6ED","lineColor":"#5D6470","darkMode":true,"primaryColor":"#2E4A4A","secondaryColor":"#374151","secondaryTextColor":"#E0E6ED","tertiaryColor":"#111827","tertiaryTextColor":"#E0E6ED","edgeLabelBackground":"#1f2937"}}}%%
graph TD
classDef source fill:#3F4B59,stroke:#9CA3AF,stroke-width:2px,rx:8,ry:8,color:#E0E6ED
classDef ingestion fill:#5A4B36,stroke:#C9A86B,stroke-width:2px,rx:8,ry:8,color:#E0E6ED
classDef processing fill:#535072,stroke:#8E82B4,stroke-width:2px,rx:8,ry:8,color:#E0E6ED
classDef storage fill:#2E4A4A,stroke:#5FAFA8,stroke-width:2px,rx:8,ry:8,color:#E0E6ED
classDef serving fill:#3D5550,stroke:#6BB7AA,stroke-width:2px,rx:8,ry:8,color:#E0E6ED
classDef governance fill:#5A3F52,stroke:#C28BB0,stroke-width:2px,rx:8,ry:8,color:#E0E6ED
A[Clean Room Use Cases] --> B[Audience Overlap]
A --> C[Attribution Analysis]
A --> D[Joint ML Training]
A --> E[Benchmarking]
A --> F[Compliance Reporting]
B --> G[Ad Tech / Marketing]
C --> G
D --> H[Healthcare / Finance]
E --> H
F --> H
A:::processing
B:::ingestion
C:::ingestion
D:::serving
E:::source
F:::governance
G:::serving
H:::storage
*Clean Rooms serve industries from ad tech (audience overlap, attribution) to healthcare and finance (joint ML, compliance reporting).*
Key Terms
Prerequisites and Setup
- Two or more Databricks workspaces with Unity Catalog enabled
- Metastore admin privileges on each collaborating workspace
- Agreement between parties on the computation logic and output policies
- Data assets in Unity Catalog that each party wants to contribute
Step-by-Step Implementation
Configuration Reference
| Parameter | Description | Default |
|---|---|---|
clean_room.name | Unique identifier for the Clean Room | Required |
collaborator.metastore_id | The metastore sharing ID of the collaborating organization | Required |
output_policy.min_aggregation_size | Minimum group size for aggregated outputs (k-anonymity) | 10 |
output_policy.allowed_operations | SQL aggregation functions permitted in output | All standard aggregations |
output_policy.disallow_row_level | Block any row-level data from leaving the Clean Room | true |
output_policy.differential_privacy | Enable differential privacy noise addition | false |
output_policy.epsilon | Privacy budget for differential privacy | 1.0 |
notebook.approval_required | Require both parties to approve before execution | true |