Global advertisers will spend close to $992 billion in 2025, with digital channels accounting for roughly $678.7 billion of that investment, and programmatic platforms now handling about 90% of all digital display dollars worldwide. Major exchanges process around 14.2 trillion bid requests per day, each one a real-time auction that has historically depended on individual-level user signals to function. That dependency is collapsing. Cumulative fines under the EU’s General Data Protection Regulation have crossed €7.1 billion since 2018, with €1.2 billion issued in 2025 alone, and 19 U.S. states now have comprehensive consumer privacy laws on the books. The ad-tech industry is being forced to rebuild its intelligence layer from the
ground up around aggregated, anonymized data, and the engineering implications run deeper than most outside the field realize.
Deepak Gupta, a Senior Software Engineer at Google with more than a decade of experience architecting large-scale distributed machine learning systems, has spent much of the past four years designing infrastructure that operates squarely inside these constraints. As a Senior Member of the IEEE, his work focuses on a question the industry can no longer avoid: how do you extract usable market intelligence at planetary scale when the underlying inputs have to be aggregated and population-level by design, rather than tied to individual users?
The Cookie Sunset and the Architectural Reckoning
After five years of repeated delays, the company behind Chrome announced in July 2024 that it would not force a full deprecation of third-party cookies in the browser, and confirmed in April 2025 that no separate consent prompt would roll out. The reversal did not return the industry to 2019. Apple’s App Tracking Transparency framework, Safari’s Intelligent Tracking Prevention, and Firefox’s Enhanced Tracking Protection had already pushed effective cookie coverage on the open web to roughly 20% or less. Internal Privacy Sandbox tests showed publisher revenue dropping by around 34% on the largest ad-serving platform when third-party cookies were removed without alternatives in place, and around 21% on its self-serve counterpart. The economics are simple. The signals advertisers used to rely on are leaking out of the system regardless of any browser-level reprieve, and the engineering work to replace them has to continue.
Gupta’s response to that environment, embedded in the cross-channel insights infrastructure he led engineering for, was to assume from day one that individual-level identifiers would not be available at scale. The system was designed around aggregated signals: search trends across geographic regions, multi-modal asset resonance across audience cohorts, and auction dynamics measured at the segment level rather than the user level. That choice required substantial architectural concessions, including new approaches to dimensionality reduction and sparse matrix computation, but it produced a platform whose core logic does not break when the upstream signal mix shifts.
“The cookie pause confused a lot of people into thinking the industry got more time,” Gupta says. “It didn’t. The compliance pressure, the user opt-outs, the structural fragmentation of identity across browsers and apps, none of that paused. If your platform was already engineered to depend on user-level tracking, you are still rebuilding it. We just have longer to do it.”
Engineering Intelligence from Aggregated Signals
The privacy-enhancing technologies market reached around $4.97 billion in 2025 and is forecast to grow to $12.26 billion by 2030 at a compound annual growth rate near 19.8%. The differential privacy segment alone moved from $1.42 billion in 2024 toward a projected $13.18 billion by 2033. AI and ML training contributed roughly 26.4% of PET revenue in 2024 as federated learning, secure multi-party computation, and confidential computing moved from research labs into production. Adoption inside marketing has tracked the regulatory pressure: about 66% of U.S. data and ad professionals report using data clean rooms in some capacity.
The shift from pixel-level tracking to population-level inference is harder than it sounds. Aggregated signals are statistically sparser, more correlated across segments, and far less forgiving of model error than per-user labels. Gupta’s pipelines ingest billions of daily auction events and harmonize them with cross-channel inventory data before they reach any predictive model. The training stack and the inference stack were deliberately decoupled to handle the computational asymmetry, and the serving infrastructure was built to deliver predictions across global markets within tight latency budgets without ever materializing user-level state.
Gupta notes that the change in input shape forces a corresponding change in modeling discipline. “When you can’t anchor a prediction to an individual, every assumption you used to make about feature stability has to be re-examined,” he says. “The signals are noisier, the leakage paths are different, and the failure modes are different. Most of the engineering work in privacy-first infrastructure is actually in catching the failure modes that didn’t exist before.”
Privacy by Design Is a Distributed Systems Problem
The privacy-enhancing computation market is on track to grow from $5.62 billion in 2025 to roughly $46.29 billion by 2035, a compound annual growth rate above 22%. Around 85% of Fortune 500 companies were running homomorphic encryption against cloud workloads by late 2025, and the EU AI Act is mandating privacy-preserving techniques for high-risk applications. The deeper shift is architectural rather than cryptographic. Compliance is no longer a layer that sits on top of a data pipeline. It is a constraint that the pipeline itself has to be designed around, with anonymization, aggregation, and access controls baked into the data model rather than enforced at the boundary.
Gupta has spent years working on problems where intelligence has to be reconstructed from sparser inputs rather than richer ones, a constraint that shaped his architectural instincts well before he applied them to regulated data systems. That same mindset carries directly into compliant ad-tech infrastructure. The pipelines he led engineering for treat anonymization not as a privacy filter applied late in the pipeline but as a property of the data model itself, with downstream ML systems built on top of that contract.
“Privacy by design fails the moment you treat it as a wrapper,” Gupta observes. “If your raw store has user-level states and you are stripping it on the way out, you’ve built a leak with extra steps. The pipelines that actually hold up under audit are the ones where the aggregation primitive is the storage primitive.”
The Skill Set Reshaping ML in Ad-Tech
The number of active data protection regulations worldwide reached around 157 in 2025, up from 128 three years earlier, and U.S. comprehensive state privacy laws now cover 19 jurisdictions. Median total compensation for a senior privacy engineer at a U.S. technology company was approximately $312,000 in February 2026. Privacy engineering has moved into the top five highest-paid software engineering specializations, alongside ML engineering, security engineering, and distributed systems. The hiring data is the clearest indicator that compliance has crossed from a legal function into an engineering one.
The skills now in demand, designing data architectures that respect anonymization contracts, building inference layers that work on aggregated inputs, and instrumenting pipelines for auditability, sit at the intersection of distributed systems and applied machine learning. Gupta has co-authored peer-reviewed academic work, including a published study on what is known as the PROMPT System. The methodological discipline running through that body of work, careful reasoning about what can be inferred from sparse or constrained data, turns out to be the same discipline the privacy-first ad-tech industry now needs at scale.
“The teams that are getting hired into this work right now are the ones that can hold both ends of the problem,” Gupta reflects. “You need someone who can reason about a feature’s privacy properties and someone who can reason about its predictive properties, and increasingly those have to be the same person. Splitting them across two roles is how you ship something that fails an audit six months later.”
The Architecture Behind the Next Decade of Advertising
The data clean room market for advertising specifically reached around $1.42 billion in 2024 and is forecast to grow at a compound annual growth rate near 22.1% through 2033, climbing toward an estimated $10.16 billion. Clean rooms more broadly are projected to expand from $3.2 billion in 2025 to $18.6 billion by 2034. Roughly 92% of organizations are subject to GDPR requirements based on the data they collect, including U.S. companies with no European operations. The combination of regulatory reach, the structural fragility of identifier-based targeting, and the maturing of cryptographic and statistical privacy tools points to a single direction of travel for the next decade.
The infrastructure layer that powers ad-tech in 2030 will look almost nothing like the infrastructure that powered it in 2018. The earlier generation assumed identity was a primary key. The newer generation has to assume it isn’t. Gupta’s career trajectory, from research on inference under constrained inputs to architecting cross-channel ML platforms that operate on aggregated signals at global scale, lines up with that change. The engineers who get the next wave right will be the ones who treated privacy as an architectural constraint from the first design review, rather than a compliance task to retrofit.
“The interesting work for the next ten years is not in chasing whatever the next user identifier is going to be,” Gupta concludes. “There won’t be one. The interesting work is in building systems that produce honest, useful, auditable intelligence from data that, by design, doesn’t tell you who anyone is. That is the platform problem the industry is solving for.”
