Written by Connie Quintanilla Arana
On March 5th, industry leaders gathered at DPG Media in Amsterdam for the Privacy-Centric AdTech Summit, bringing together voices from across the ecosystem, including Google, DDMA, Team Blaeu, DPG Media, DoubleVerify and Pubvisory. With Wayne Tassie (DoubleVerify) moderating, and contributions from speakers such as Daphne van Doorn (BVDW), Sebastian Grantz (Google), Dr. Rob van Eijk (Team Blaeu) and Stefan Havik (DPG Media), the event focused on a central question: how can effective marketing be built in a world where privacy is no longer a constraint, but a starting point?
What emerged is not an incremental evolution, but a structural shift. Privacy, regulation and technology are no longer parallel tracks. They are becoming a single system that defines how digital advertising operates.
In Europe, privacy now functions as a layered system rather than a single regulation. GDPR remains the foundation, but it is increasingly complemented by the ePrivacy Directive, DSA, DMA, the AI Act and the Data Act, alongside national interpretations and evolving case law. While this may appear coherent on paper, its application is far from uniform, and differences in enforcement and interpretation across markets introduce fragmentation and operational complexity, particularly for organizations operating at scale.
As a result, privacy is no longer confined to compliance. It directly shapes how businesses structure their data, design their technology and make decisions across markets, effectively becoming part of the operational architecture of the organization.
A critical takeaway from the legal discussions is the way personal data is interpreted in practice. The focus has shifted from direct identifiers to the broader concept of identifiability. This includes the ability to single out an individual within a dataset, link data across contexts or infer characteristics through analysis. When any of these conditions are met, the data remains within scope.
This has important implications for both AdTech and AI. Many systems rely on large-scale datasets to generate predictions or optimize outcomes, yet if those datasets allow for re-identification, they remain subject to regulation. Pseudonymization does not remove that obligation, which narrows the space in which many existing approaches can operate and challenges assumptions that have underpinned the ecosystem for years.
One of the most consistent themes throughout the summit was the widening gap between technological capability, regulatory expectations and organizational readiness. AI is advancing rapidly, enabling new forms of modeling, prediction and optimization that do not rely on direct identifiers, while regulation evolves in parallel with an increasing focus on transparency, accountability and responsible use.
However, many organizations are still adapting their internal structures, governance and processes to support this shift. The challenge is therefore not only technical or legal, but operational. Bridging this gap requires alignment across disciplines and a more integrated approach to decision-making.
This misalignment is also reflected in how consent is currently implemented. While the legal requirements are well defined, the user experience often lacks clarity and intention. Cookie banners have become the standard interface, yet in many cases they are designed to meet compliance requirements rather than to enable informed choice, leading users to accept conditions passively rather than engage meaningfully.
The result is a system that functions legally but does little to build trust, raising broader questions about the sustainability of current consent models in their existing form.
The impact of these shifts is now visible in market dynamics, where reduced addressability, lower match rates and increased system complexity are affecting both performance and monetization. Early implementations of privacy-safe solutions, including those based on aggregated and modeled data, show progress but do not yet fully replace the efficiency of previous approaches.
AI plays a central role in this transition, enabling optimization in lower-signal environments while introducing new dependencies on data quality, model design and governance. In this context, privacy is not only a constraint but a force actively reshaping how value is created and distributed across the ecosystem.
Publishers are responding by accelerating their focus on authenticated environments and first-party data strategies. By encouraging logged-in usage and investing in proprietary platforms, they are building more direct and durable relationships with their audiences, creating a more stable data foundation for activation and monetization.
At the same time, these controlled environments enable AI-driven use cases such as modeling and personalization within clearly defined boundaries. The shift is clear: from reliance on external signals toward ownership of data, inventory and user relationships.
Taken together, these developments point to a new operating model for digital advertising. First-party data becomes the foundation, complemented by aggregated and modeled approaches that enable scale while respecting privacy constraints. Technology, particularly AI, becomes a core capability, supporting decision-making, optimization and prediction.
Internally, organizations are evolving accordingly, with closer integration between legal, data, product and marketing functions. Strategy becomes continuous rather than fixed, reflecting the pace of change across both regulation and technology.
A consistent message throughout the summit was the need to move beyond reactive responses. In an environment defined by ongoing change, waiting for clarity is no longer a viable strategy. Organizations that lead will be those that design systems with privacy and AI in mind from the outset, build flexibility into their data strategies and invest in capabilities that support long-term resilience.
As regulation continues to evolve, public affairs is becoming increasingly relevant to business strategy, with many of the decisions that shape the market influenced before formal legislation is finalized. Early engagement therefore becomes essential.
At the same time, individual organizations have limited influence in isolation, making industry collaboration, shared standards and collective initiatives critical to reduce fragmentation and ensure that the ecosystem evolves in a way that remains workable in practice.
The Privacy-Centric AdTech Summit makes one thing clear: the future of digital advertising will not depend on the ability to track individuals with precision, but on the ability to operate effectively within privacy-aware systems. AI will be central to enabling this transition, but only when supported by strong data foundations, clear governance and responsible design.
Ultimately, this represents a shift from reliance on external signals toward ownership of data, relationships and capabilities.
