Why PETs Matter Now

Three pressures have pushed PETs from a niche cryptographic interest into a mainstream procurement item. The first is regulatory: the GDPR, the ePrivacy Regulation, the CPRA, and the EU AI Act all increasingly treat data minimization and purpose limitation as enforceable obligations rather than aspirational principles. The second is platform-driven: Google's Privacy Sandbox, Apple's App Tracking Transparency, and the broader deprecation of third-party cookies have forced the ad tech stack to find new substrates for measurement and audience building that do not depend on cross-site identifiers. The third is competitive: large advertisers and clean-room operators have built PET-based products that publishers must either integrate with or be excluded from.

For a publisher, the practical impact is that PETs are starting to appear in commercial conversations — in SSP responses to RFPs, in attribution vendor sales decks, in clean-room demos from retail media networks. Understanding what each technology actually does is no longer optional.

Four PETs That Matter for Publishers

The PET space is broad, but four techniques are showing up most often in publisher contexts. Each solves a different problem and has a different interaction with the consent layer.

Differential privacy

Differential privacy is a mathematical framework for adding controlled noise to aggregated outputs so that no individual record can be reverse-engineered from a report. In ad tech it shows up in two main places: in Google's Privacy Sandbox APIs (the Attribution Reporting API in particular), which add noise to conversion reports before they leave the browser, and in clean-room queries, where SQL aggregations are perturbed before results are returned to the buyer or seller. The strength of differential privacy is that its guarantees are quantifiable — an epsilon value sets the maximum information leak per query. The weakness is that, for small audiences, the noise can swamp the signal entirely. Publishers should expect to see epsilon values disclosed in vendor documentation by the end of 2026; if a vendor cannot tell you their epsilon, they are not actually offering differential privacy.

Federated learning

Federated learning trains machine learning models across many devices or servers without centralizing the raw data. In the ad context the most visible deployment is Apple's on-device modeling for SKAdNetwork attribution, and Google has signaled similar approaches in the Topics API and downstream Sandbox proposals. For publishers, federated learning is most relevant when working with first-party data products that want to power lookalike modeling or contextual scoring without exporting user-level data to a third party. The technique is mature enough to be in production at Apple and Google scale; the implementation cost for a publisher is non-trivial because it requires either a partner that runs federated infrastructure or an on-device SDK if mobile is in scope.

Secure multi-party computation

Secure multi-party computation, or MPC, lets two or more parties jointly compute a function over their combined data without any party learning the other's inputs. The canonical use case in ad tech is the data clean room: a retailer and an advertiser want to know the overlap between their audiences without exchanging customer lists. With MPC the join happens cryptographically and only the aggregate result is revealed. AWS Clean Rooms, Snowflake Data Clean Rooms, and Habu (now LiveRamp Clean Rooms) all support MPC-style joins, and the major retail media networks are increasingly making MPC the default integration pattern. For publishers offering audience extensions to advertisers, MPC is becoming the table-stakes mechanism for delivering matched cohorts without sharing the underlying identifiers.

Homomorphic encryption

Homomorphic encryption allows computation on encrypted data, so a service provider can perform a query without ever decrypting the records. In theory this is the most powerful PET in the toolbox; in practice fully homomorphic encryption is still too computationally expensive for general ad-tech workloads. Partial schemes (additive homomorphic encryption, in particular) are starting to appear in attribution reporting pipelines where the operations needed are limited to summations. Publishers should treat homomorphic encryption as a watch-and-wait technology in 2026 — it is real, it is moving fast, but it is not yet a practical procurement option for most ad-tech use cases.

How PETs Interact with Consent Management

A common misunderstanding in vendor pitches is that PETs eliminate the need for consent. They do not. Almost all PET deployments still require a lawful basis under the GDPR for the original collection of the data being processed, even if the processing itself is privacy-preserving. Differential privacy added to a conversion report does not make the conversion observation lawful in the first place — it makes the downstream aggregation safer.

The interaction with a CMP is therefore additive, not substitutive. A modern consent management platform should be configured to:

• Capture purpose-specific consent for the use cases that feed PET-protected workflows. Granular purpose flags map cleanly to which PET pipelines a user's data is allowed to enter.
• Propagate the consent signal to clean rooms via the IAB GPP string or a vendor-specific API so that the MPC join only includes records with valid consent.
• Honor withdrawal at the PET layer, not just at the page layer. If a user revokes consent, their data should be removed from any subsequent federated training rounds and excluded from new clean-room queries.
• Document the chain of custody so auditors can trace a piece of personal data from the consent decision through the PET pipeline to the final reported result.

Publishers that treat the CMP and the PET layer as one connected system end up with stronger compliance posture and faster procurement cycles with privacy-conscious advertisers.

A Practical Investment Roadmap

Most publishers cannot — and should not — invest in all four PETs at once. The right sequencing depends on traffic profile and revenue mix.

If most revenue comes from programmatic display

Prioritize differential privacy familiarity. Google's Sandbox APIs are the most likely path-of-least-resistance entry point, and understanding how Aggregation Service reports work is increasingly a procurement requirement from large advertisers. Get a CMP that publishes valid Consent Mode v2 signals and Sandbox-compatible flags; the cryptographic heavy lifting happens inside the browser.

If significant revenue comes from retail media partnerships

Prioritize MPC and clean-room readiness. The 2026 clean-room landscape is dominated by MPC-style joins, and publishers without a viable matching pipeline will see retail media spend route around them. Investments here are operational rather than research: choosing a clean-room platform, mapping consent states to the matching surface, and building the data ingestion pipeline.

If you operate a first-party data product or DMP

Prioritize federated learning literacy. The competitive frontier for first-party data products is moving from "we have a lot of data" to "we can train useful models without exporting the data". Partnerships with federated infrastructure vendors are the typical path.

The Regulatory Direction of Travel

The EDPB, the FTC, the ICO, and the CNIL have all signaled — in opinions, guidance documents, and enforcement orders — that PET adoption will increasingly count as evidence of GDPR-compliant data minimization. This does not mean a PET deployment is automatically lawful, but it does mean that two technically similar publishers with similar consent rates may receive very different regulatory treatment if one has deployed PETs and the other has not. For 2026 and 2027 strategy planning, the conservative assumption is that PETs will move from differentiator to expectation across European ad-tech procurement within 18 to 24 months. Publishers that build the consent-and-PET pipeline now buy themselves runway against that shift.