Privacy-First Audience Targeting and Web3-Ready Data Clean Rooms: An Emerging Opportunity
Another Area of Interest at Pressplay Capital: Data Led Ad Tech Infra
Hey founders, funds, & friends 👋,
A warm welcome to the 65th edition of the “Mehtta Ventures Dubai” investment digest newsletter, your weekly news digest about GAMES [Gaming, Ad Tech, Media Tech, Entertainment and Sports Tech] + AI startup and scaleup stories across the Middle East & India, digital / business trends shaping our lives and curated venture investment opportunities.
Go ahead and subscribe below to receive this newsletter with a fresh startup & investor perspective in your inbox every Monday.
Quickreel - the "Twilio" of Video Editing / Creator Economy
Video infra APIs that make it radically easier, cheaper, and faster for creators, apps, and platforms to generate high-quality video content. In a world where video is the language of the internet, QuickReel is quietly powering the next wave of creator-led businesses.
🎯 What stood out:
- Editing and publishing video [especially SFV or Short Form Video] is still painfully hard for most creators — Quickreel solves this with infra-first, API-driven simplicity. Building in India for the world!
- They’re not targeting creators alone — they’re enabling every product that wants to add a video layer.
Their moat? Distribution + Dev-friendliness + Creator-first culture.
Sam Altman once said a $1B startup will be built by a single person. Ansh adds: they’ll probably be using Quickreel APIs.
Watch this conversation with Ansh Vashistha, co-founder of Quickreel if you're building for the creator economy, investing in infra startups, or just curious about where the next billion-dollar wave is forming.
🎥 Full episode out soon on the Pressplay Podcast [Subscribe via this YouTube link]
If you or someone you know is excited about backing early movers in the attention economy, we’d love to schedule time to walk through the thesis and the overall strategy.
Today’s program:
Why Privacy-First Infrastructure Is the Need of the Hour
Exit Examples and Investment Potential in AdTech Infra Companies
Opportunities: Moats, and the Path Forward
And….Action!
Why Privacy-First Infrastructure Is the Need of the Hour
The digital advertising ecosystem is at a crossroads. Third-party cookies – long the backbone of audience targeting – are in rapid decline. Google’s long-anticipated phaseout of third-party cookies in Chrome is finally underway (Instead of a complete removal, Google now offers a "user choice" model, allowing users to opt-in or out of third-party cookies. This means third-party cookies are not entirely "dead," but their usage will be more controlled and privacy-focused), following Safari and Firefox which already block them. By some estimates, up to 87% of web traffic could soon be free of third-party cookies once Chrome and other browsers fully implement their privacy plans. In parallel, mobile ad IDs are scarcer due to moves like Apple’s App Tracking Transparency (ATT) framework, which since 2021 has required explicit user consent for app tracking. In short, the data signals that fueled programmatic advertising for a decade are vanishing, forcing marketers to rethink how they reach and understand consumers in a privacy-centric world.
These changes have already driven customer acquisition costs (CAC) sharply higher for many brands. Without easy cross-site tracking to power precise targeting and attribution, advertisers are paying more to get the same results. For example, digital-first retailers report that average CAC has exploded – rising from around $9 in the early days of e-commerce to about $29 in 2022 (a 222% increase) [Pixis]. A survey found 75% of marketers saw their social advertising KPIs decline after Apple’s iOS 14 privacy updates. This “signal loss” from cookies and device IDs has made it harder to find and convert customers, contributing to skyrocketing CAC and squeezing ROI for advertisers. In the words of one DTC executive, their cost of acquisition “skyrocketed at the onset of the iOS 14 changes”. Rising competition on the remaining targeting channels has further inflated media costs, creating a challenging landscape for growth-stage companies reliant on paid digital marketing.
At the same time, regulators and consumers are scrutinizing Big Tech’s data practices like never before. GDPR in Europe set the tone in 2018, and enforcement is ramping up: Meta (Facebook) was hit with a €390M fine in 2023 for its “unlawful” handling of personal data for ads, forcing a fundamental change to its consent model. India’s new Digital Personal Data Protection (DPDP) Act of 2023 likewise imposes strict requirements on how personal data is collected, stored, and used, including steep penalties for violations like unsolicited tracking or misleading consent forms. Notably, the DPDP Act mandates local storage of sensitive personal data and coincides with the end of third-party cookies in 2024 – a double blow to advertisers reliant on invasive tracking. Even in regions like the Middle East that historically had patchy privacy rules, comprehensive data protection laws are emerging to mirror GDPR. Collectively, these regulations underscore that consent-based, transparent data practices are no longer optional – they are legal and reputational necessities for any business handling user data.
Beyond privacy laws, antitrust pressures are mounting on the walled gardens. As Google tightens its grip on first-party data (e.g. requiring logins or using its Privacy Sandbox in Chrome), regulators worry it further entrenches its dominance. Google will retain end-to-end control of a massive swath of ad targeting and measurement inside its own ecosystem, sharing ever less data with advertisers – a dynamic already drawing regulator attention. This environment is driving advertisers and publishers to seek independent, privacy-safe infrastructure that isn’t solely controlled by Big Tech. In short, businesses want ways to leverage data for marketing in compliance with privacy norms and without being wholly dependent on Google, Meta, or Amazon.
First-party data orchestration has therefore become a top priority. Brands are investing in Customer Data Platforms (CDPs) and other tools to harness data from their own customers and channels. But activating that first-party data effectively – and enriching it with external insights in a compliant way – requires new approaches. This is where data clean rooms and federated audience collaboration come in. Data clean rooms are essentially secure environments where multiple parties can match and analyze data without sharing raw personal information. In a clean room, a publisher might combine its audience data with an advertiser’s customer list (using privacy-safe identifiers or hashing) to find overlaps or measure campaigns – all without either party exposing the underlying user records. These collaborations maintain individual privacy while still yielding valuable aggregate insights. As one expert describes it, a clean room provides “a secure place to bring data together for joint analysis without revealing the underlying personally identifiable information” [medium.com]. In effect, clean rooms allow companies to replace the functions of third-party cookies (audience matching, attribution, frequency capping, etc.) through privacy-by-design data partnerships rather than open data sharing [digiday.com].
Equally important is the emergence of consent-based data marketplaces and identity solutions that work hand-in-hand with clean rooms. In a world of GDPR and DPDP, any audience data used for marketing must be permissioned and traceable. Modern “audience marketplaces” operate not as the black-box data brokers of old, but as consent-driven collaboration networks. For example, a data clean room can enable a retailer to contribute anonymized transaction segments to an advertiser, but only for approved uses and only after cryptographically verifying user consents. These federated data exchanges allow businesses to monetize or enrich data in a compliant manner – often by leveraging a neutral identity provider or “common identifier” that all parties map to. As one industry analysis explains, such data collaboration environments use an identity spine so that a brand’s first-party data can be matched with a partner’s data in a privacy-safe way, and crucially, they allow the brand to then activate those insights outside the collaboration environment [campaignasia.com]. This means an advertiser could find a valuable audience overlap with a publisher in the clean room, then export an anonymized segment to run campaigns, all without either side exchanging raw user info. In essence, federated clean rooms and consented audience networks directly address the new market needs: they help companies continue effective advertising and customer analytics under tighter data restrictions, they reduce reliance on the tech giants’ walled gardens, and they embed compliance (consent, security, minimal data movement) into the infrastructure. It’s no surprise that forward-thinking brands now see these privacy-first data collaboration tools as “indispensable” – a recent industry survey found data clean rooms have become a must-have technology for 80% of big advertisers, and companies are increasing their investments to unlock more use cases like attribution and ROI measurement within these privacy-safe environmentsiab.comiab.com. In short, the convergence of privacy regulation, technology shifts, and rising costs is making privacy-first audience targeting infrastructure not just a nice-to-have, but the need of the hour.
Regional gaps in APAC and MENA: The adoption of data clean rooms and privacy-first data infrastructure is uneven globally. The U.S. and Europe (spurred by GDPR) have led adoption, with a majority of large brands and publishers experimenting with one or more clean room solutions. Asia-Pacific, however, has been slower on the uptake – though this is changing. In Australia, for example, there are reportedly up to 500 clean room deployments now in planning or live, as the country updates its privacy laws to align with global standards [campaignasia.com]. Yet many APAC brands remain hesitant to lead the charge. Part of the challenge is education and data readiness: companies are still building robust first-party data foundations and may lack the internal talent to immediately leverage clean rooms. A “first-party data shortage” in some markets means even if the tech is available, some brands don’t yet have enough quality data (or enough consent permissions) to fully utilize it. Additionally, APAC marketers often lean on agency partners to drive strategy, and agencies themselves have only recently ramped up regional clean room expertise. We’re seeing initiatives to bridge this knowledge gap – for instance, regional data providers (like telecoms or publishers alliances) are beginning to offer clean-room-based collaboration as a service to brands.
In the Middle East and North Africa (MENA), the landscape is at an even earlier stage. Until recently, many MENA countries had only fragmentary privacy regulationscloudi-fi.com, and data-driven marketing was dominated by walled garden platforms. However, new laws in UAE, Saudi Arabia, Qatar and others are coming into effect that mirror GDPR principles, and this is sparking interest in compliant data solutions. The Middle East’s digital ad market is growing quickly, and local enterprises are realizing they will need homegrown or localized data clean room solutions to enable safe data partnerships (for example, between banks and retailers, or publishers and brands) without violating privacy laws. Today, a handful of global players have begun extending into APAC/MENA – LiveRamp has a presence in APAC, InfoSum had opened offices in the region prior to acquisition, and Adobe/Oracle market their data platforms globally. But clear regional gaps exist: there is an opportunity for new entrants to serve markets like India, Southeast Asia, and MENA with solutions tailored to local needs (such as handling data localization requirements and supporting local identity graphs). These regions may leapfrog with cloud-native clean rooms since many companies are already adopting modern data stacks and aren’t tied to legacy on-prem systems. In short, the competitive field is open for innovators who can educate the market and provide an all-in-one, compliance-ready data collaboration infrastructure in these emerging privacy-focused economies.
Exit Examples and Investment Potential in AdTech Infra Companies
The strategic importance of privacy-first data infrastructure is underscored by recent M&A and funding events in the advertising and marketing tech space. We are witnessing a wave of acquisitions, IPOs, and investments that suggest robust exit opportunities for companies enabling compliant data collaboration and audience targeting. Crucially for investors, many of these deals are happening at healthy multiples, reflecting strong buyer appetite for the technology and talent in this sector.
A few headline examples help illustrate the trend:
LiveRamp’s $200M acquisition of Habu (2024): In January 2024, LiveRamp – a publicly traded data enablement platform – agreed to acquire Habu, a startup specializing in data clean rooms, for $200 million in cash and stock. This deal brought Habu’s clean room software and team under the LiveRamp umbrella. LiveRamp’s CEO described Habu as a “lightweight application layer that makes data even easier to use,” indicating that the goal was to ingest Habu’s capabilities into LiveRamp’s much larger client base. Notably, LiveRamp disclosed that Habu was expected to contribute about $18 million in revenue in FY2025 [Reuters], implying an acquisition multiple of roughly 11x forward revenue – a strong valuation for a Series B/C-stage startup. The rationale is clear: by folding Habu into its offerings, LiveRamp can accelerate its own data collaboration roadmap and cross-sell clean room solutions to major clients (like Walmart, PepsiCo, etc., which were mentioned as users of both platforms). For investors, the Habu exit demonstrated that larger SaaS and data companies are willing to pay a premium for proven privacy-tech products that complement their platforms.
WPP’s acquisition of InfoSum (2025): In April 2025, WPP – the world’s largest advertising agency holding group – acquired InfoSum, one of the last independent pure-play clean room providers. Terms weren’t officially disclosed, but reporting pegged the deal at around $150 million. This move was significant because it wasn’t a traditional enterprise software acquirer, but an agency network (GroupM, part of WPP) buying technology to embed into its client offering. WPP framed it as a “major investment in an AI-driven data offering,” essentially bringing InfoSum’s privacy-safe data collaboration tech in-house to enhance WPP’s media and audience products. For InfoSum, which had built a strong product (and client roster including the likes of Channel 4 and ESPN) but was facing competition from giants, the acquisition provides an exit and the backing to scale within a holding company that controls billions in ad spend. Strategically, it reflects that agencies see the writing on the wall – to continue delivering value, they need their own privacy-centric data infrastructure rather than relying solely on third-party vendors. For the market, it’s an example of a strategic exit driven not by a tech company or PE firm, but by an end-user of the tech (albeit a very large one) looking to differentiate its services.
Salesforce and Twilio bets on data platforms: Large MarTech players have also made moves on adjacent data technologies in recent years. Salesforce, known for its CRM and Marketing Cloud, acquired several data management and integration firms in the late 2010s as the wave of CDPs (Customer Data Platforms) rose. For instance, Salesforce bought Datorama (a marketing analytics and data integration platform) for a reported $800M in 2018, and earlier Krux (a DMP which became part of Salesforce’s Audience Studio) for ~$700M in 2016. More directly in the CDP space, cloud communications company Twilio acquired Segment – one of the leading customer data platforms – in 2020 for $3.2 billion [techcrunch.com]. Segment isn’t a clean room per se, but its infrastructure for collecting and routing first-party customer data is a cornerstone of consent-based marketing. Twilio paid a hefty sum (all-stock deal) to integrate Segment’s capabilities, underscoring how critical first-party data management had become to customer engagement platforms. The multiple for Segment was rumored to be high (Segment’s ARR was estimated in the low hundreds of millions at the time), reflecting ~15x–20x revenue valuation – in line with top-tier cloud software deals. These acquisitions show that cloud and software giants are willing to acquire data orchestration and privacy-centric marketing companies at billion-dollar valuations. It stands to reason that as privacy regulations proliferate, we could see similar large exits for companies solving the next generation of challenges (consent management, secure data collaboration, etc.). In fact, other enterprise software firms like SAP and Oracle have also invested: SAP acquired Gigya (an identity/privacy platform) in 2017 to bolster its customer data compliance features, and Oracle acquired BlueKai (a data marketplace/DMP) in 2014 – though the latter became a lesson in data responsibility after it later faced privacy scrutiny.
IPO pathways and public market performance: The public markets have shown receptiveness to AdTech/MarTech companies that differentiate on data and privacy. The Trade Desk (TTD), while more of an ad buying platform, is an example of an adtech IPO success story – its valuation soared in part due to investor confidence in its ability to thrive in a post-cookie world by leveraging first-party data and contextual targeting. LiveRamp (RAMP), which is directly in the data connectivity space, has been a public company since the late 2010s after spinning out of Acxiom. LiveRamp’s current market capitalization (around 2025) and revenue multiples indicate a solid appreciation for data collaboration tech – it trades at roughly 4-6x revenue (typical for a mature mid-cap SaaS), and was able to use its stock as currency for deals like the Habu acquisition. We haven’t yet seen a pure-play data clean room startup go public, likely because most get acquired earlier or are within larger entities; however, given the growth trajectories, it’s plausible that a standout player in privacy-first audience tech could target an IPO in the coming years if it reaches sufficient scale (hundreds of millions in ARR). Companies like OneTrust – a leader in privacy compliance software valued at $5 billion in its latest funding rounds – demonstrate that the market rewards firms enabling trust and compliance. OneTrust is more focused on compliance (consent management, data governance) than advertising, but it speaks to the broader valuation potential in privacy tech. Even as market conditions fluctuate, the demand for solutions that ensure marketing can be done in a lawful, consumer-friendly way is only increasing.
Importantly, many of these exits are happening at attractive revenue multiples relative to broader enterprise software. Privacy-focused adtech/martech companies can command high multiples because they address a mission-critical need (compliant data usage) and often have high growth and recurring SaaS models. The LiveRamp/Habu deal at ~11x forward revenue and Segment at ~20x are examples. Even in a more normalized valuation environment post-2021, a solid 8-12x multiple for mid-sized players is realistic, per recent deal comps. The growing buyer appetite is fueled by both push and pull factors: on one hand, compliance requirements are pushing all marketing ecosystem players to shore up their capabilities (no one wants to be the next company caught without proper consent controls or privacy-safe analytics). On the other hand, the opportunity to enable data-driven growth in a privacy-first way is pulling in investment – companies that can solve the privacy-personalization paradox stand to gain the budgets that were once poured into opaque third-party data. In summary, the investment thesis is reinforced by the exit landscape: privacy-first audience targeting is not a niche – it’s becoming foundational, and those who build the foundational tech are being richly rewarded by acquirers and investors alike.
Opportunities: Moats, and the Path Forward
Deep-Tech Differentiators and Defensibility
The flip side of challenges are the opportunities – especially for startups looking to build a moat. As the market gets more crowded, true differentiation will come from technological capabilities that are hard to replicate. Here are a few areas where deep tech can set leaders apart:
Distributed Ledger and Blockchain for Data Transparency: One novel approach pioneered by one of the companies that we are evaluating (founded by ex-WPP executives) is using distributed ledger technology (DLT) – essentially blockchain – as the backbone of the data collaboration process. The idea is to record every data usage, query, or permission on an immutable ledger that all participants can verify. This creates an automatic audit trail and builds trust in a decentralized way. For example, instead of a centralized clean room operator being a black box, a blockchain-based system could log consent transactions or data queries such that Brand A, Brand B, and Publisher C all see the same record of what was done with their data. The startup described their solution as a decentralized clean room: each party retains their data, and the ledger ensures “whatever data is being used and processed is made available to all participants who contribute”, preventing any one party (or intermediary) from having an opaque role. Technically, these systems might use permissioned blockchains with Merkle proofs or hashes anchored on a public chain for integrity. The benefit is transparency and scalability in multi-party collaborations – you could have many participants contributing to a data network without a single central database. While blockchain isn’t a must for clean rooms, those who implement it cleverly could solve trust issues and even enable new models (like micropayments for data usage or automated compliance checks via smart contracts). It’s a deep tech moat because it requires cryptographic expertise and it’s not trivial for a traditional SaaS competitor to bolt on. However, it’s still early – the key will be demonstrating that DLT-driven clean rooms can perform as efficiently and flexibly as traditional ones. If they can, the trust advantages could be a game-changer.
Advanced Privacy-Enhancing Technologies (PETs): Almost all solutions will claim privacy protection, but the degree of protection (and utility) varies. Leading players are incorporating sophisticated PETs beyond basic hashing. This includes multi-party computation (MPC), homomorphic encryption, and differential privacy techniques. For example, one can allow two parties to compute an outcome (like “how many customers did we both have in common?”) without either side seeing the other’s data in plain form – achieved via MPC protocols. Some clean rooms offer query interfaces that automatically apply differential privacy noise to outputs, ensuring that results can’t be reverse-engineered to individual data. In fact, privacy tech is a key focus in R&D: Snowflake’s clean room reference mentions use of differential privacy, aggregation thresholds, and even synthetic data generation to protect individuals. A company that excels in PETs can work with more sensitive data (e.g. PII or health data) because it can genuinely minimize risk. PET expertise can serve markets like financial services and healthcare marketing, where compliance barriers are highest – making it a moat as generalist competitors might shy away from those complex sectors. Moreover, if a provider can certify their methods (perhaps via third-party audits or attestations like ISO/IEC 27701 for privacy, etc.), it becomes very hard for a newcomer without those capabilities to win enterprise trust. We expect PETs to be an arms race of sorts: winners will have cryptography PhDs on staff and potentially IP (patents or proprietary algorithms) that give them a performance edge in doing encrypted or anonymized computations at scale.
Federated and Interoperable Architecture: As discussed, federated data processing (where data stays at source) is highly appealing for compliance and performance (no massive data migrations). Implementing true federated queries across different environments is technically challenging – it may involve orchestrating multiple cloud functions or databases to run a query and then aggregating the results securely. Some providers have achieved this within homogeneous environments (e.g. two Snowflake accounts), but the holy grail is federation across heterogeneous systems (say, a query that touches a Snowflake data set, a BigQuery data set, and an on-prem database, all without raw data leaving those systems). A company that builds such an orchestrator with seamless federation will offer unmatched flexibility. It would allow clients to collaborate without forcing standardization on a single platform. The IAB’s guidance notes that a DCR provider could operate in federated mode, where it “enables data connections and mechanisms to perform processing in the data contributor’s environment or a neutral environment” [iabtechlab.com]. Achieving that means heavy lifting on connectivity, data normalization, and latency management. If done well, though, it’s a defensible technical moat – it’s much easier to operate a centralized clean room than a federated one; thus not everyone will manage the latter.
Consent and Permissions as a Core Feature: As privacy becomes ever more central, tools that natively handle consent capture and enforcement will stand out. Imagine a clean room where every data point is tagged with the permissions under which it can be used (for example, user X’s data can be used for analytics but not for ad targeting, per their consent). Whenever a query runs, the system checks these tags and only includes data allowed for that specific use. Building this requires integration with consent management platforms and perhaps a policy engine that understands different legal bases (consent vs. legitimate interest, etc.). Some emerging solutions are likely to integrate consent ledgers – databases (possibly blockchain-based, as mentioned) that log every consent transaction and data usage. By offering fine-grained consent management, a vendor can become the go-to solution for heavily regulated industries or any company that takes user trust seriously. It also opens up the possibility of consumers themselves eventually being part of the equation (a Web3 vision where users could store their consent preferences on a blockchain and smart contracts mediate data access – still futuristic, but prototypes exist). For now, the opportunity is to help clients automate compliance: e.g., if a user withdraws consent, the clean room should automatically exclude that user’s data from all future analysis and notify all partners. Doing this at scale is non-trivial, so those who get it right will enjoy a reputation boost and likely partnerships with the likes of OneTrust or TrustArc (leading CMPs).
In sum, the opportunity space in privacy-first audience targeting is expansive. Yes, there are real challenges in education, integration, and trust-building that any player must navigate to achieve adoption. But each challenge comes with the chance to differentiate by solving it better than others. The evolving regulatory and technology backdrop actually favors those who are agile and deeply technical – every new privacy law or platform change can be turned into a feature rather than a bug, if your infrastructure is built to adapt. From an investor’s perspective, we look for ventures that combine domain expertise in marketing and data with hardcore engineering in security/privacy. This combination can create a defensible moat that not only wins clients but also sustains a lead as others try to catch up.
As an analytical, forward-looking investor or founder, focusing on this intersection of privacy, data, and adtech is not just socially responsible in 2025 – it’s economically compelling. The market signals are clear: rising compliance standards, demand for first-party data solutions, and sizable exits all point toward a future where privacy-tech is the new martech. The task now is to execute on that thesis, overcoming the challenges and leveraging deep tech to build the foundational infrastructure of the privacy-first web. The window is open for innovators to become the next indispensable platform in the advertising and analytics ecosystem – one that lets businesses have their data cake and eat it (responsibly) too.
📬 Subscribe to our newsletters for deep dives into the attention economy & media-tech:
Mehtta Ventures Dubai (Attention Economy) – Subscribe here
The Streaming Lab (Streaming Industry) – Subscribe here
+ 🎙️ Follow our Pressplay Podcast for conversations with leading entrepreneurs (and VCs coming up) in the space:
Watch on YouTube – Pressplay Capital
> PressPlay is where the attention economy meets real builders.
> We’re excited for the future of media-tech and AI-driven streaming—and look forward to partnering with those who share our vision.
Interested Investors / Limited Partners, please go ahead and book time with us here
If you know of startup founders building in the “eyeball economy”, please go ahead and connect us. Let’s pay it forward together :-) 2025 it is!
Watch this space and subscribe / share with your friends.
While you wait for our next newsletter, I encourage you to check out our other newsletter / streaming consulting destination: The Streaming Lab where we cover streaming insights from MENA and India.
The “Mehtta Ventures Dubai investment digest” is a weekly newsletter exploring the trends that matter to startup founders and investment professionals in the Middle East & India. If you are not already a subscriber, sign up and join several others who receive it directly in their inbox every Monday.
Interested in investing with Mehtta Ventures Dubai in MENA & India? Email me
+ We work with startups, funds, other family offices and investment banks and help them upgrade their strategies, investments and market access. Contact me here.
+ We are on the Board of Directors of Adsolut Media, Asia’s largest digital video ad network. Please get in touch if you want to advertise to build awareness or generate leads for your brand across 7 billion + impressions per month including 150+ publishers, OTTs and broadcasters in the Middle East and several more in India, APAC, Europe and the United States. Contact me here.