Point of Inflection: Passage of GDPR & CCPA [2016-2018]
I originally thought of writing this book in 2021, creating the outline and my initial notes for it the night the idea popped into my head. At the time, awareness in the general public about consumer privacy was rising, the state-level legislation trend was just popping on the radar, and I was fairly consumed with getting playhaus, my technology solution to this transition, off the ground.
The years 2016 to 2018 marked a seismic shift in the relationship between technology, personal data, and consumer rights—a shift that would fundamentally reshape the digital marketing landscape, ultimately contributing to my decision to leave my cushy role as an AI product expert at Google and build a different vision in the fall of 2020.
In 2016, I found myself graduating college, wrapping up work as an analyst for the defense contracting industry, and stepping into my first role at an adtech startup. And my earlier experience with media piracy online as a young teenager, using tools like BitTorrent, I was unwittingly positioning myself at the epicenter of this transformation.
While I was starting my personal coding journey and building ad server algorithms, I was grappling with questions I couldn’t yet fully articulate. The European Union’s General Data Protection Regulation (GDPR) and California’s Consumer Privacy Act (CCPA) were still abstract legal developments to most, but to those of us working at the intersection of data and advertising, they represented a looming existential challenge: How could we continue delivering performance-based marketing in a world increasingly designed to obscure the very data we relied upon?
This question—how to do performance advertising in a double-blind environment—would become my obsession, the basis for playhaus, and ultimately the foundation for the ideas explored throughout this book. The privacy revolution is in full swing, and nothing in digital marketing would ever be the same.
From Campus to AdTech: My Journey into the Privacy Storm
Let me take you back to 2017. I’m fresh out of the University of Michigan, joining the team at AdAdapted—a scrappy adtech company that was pioneering performance digital media for CPG brands. If you’re not familiar with the CPG world, that’s “consumer packaged goods” for the uninitiated—think Procter & Gamble, Coca-Cola, PepsiCo, and all those other brands whose products fill your grocery cart but whose digital performance is notoriously difficult to track.
This was the inverse problem of an analog billboard. With a billboard, you know exactly where it is, but have no clue who’s actually looking at it or if they’re buying your shit afterward. With digital ads, we knew who was seeing them but couldn’t easily connect that to physical store purchases. Some competitors were using geofencing—counting it as a “store visit” when a device that saw an ad later entered the geography of a store that sold the product. But that approach was non-deterministic at best and borderline magical thinking at worst.
AdAdapted had cracked a different approach. We’d partnered with digital shopping list applications (yes, people use those) to show targeted ads for individual products, or even bundles attached to recipes. When users added these products to their digital grocery lists, we counted that as a performance action—a much more deterministic signal that, after enough tests with retailers, became a reliable performance advertising product for the CPG space.
Meanwhile, in the background, GDPR had just passed in Europe. As I was settling into my role at AdAdapted in fall 2017, the industry conversation was already shifting toward: “How the hell do we handle conversion tracking in a cookieless world?” This is where I first started toying with what would eventually evolve into the concept of a first-party data warehouse, but leveraging a blinded box to perform ID matching without legally compromising user privacy.
To be honest, this wasn’t super relevant to AdAdapted’s business model at the time. We were evaluated more on an awareness basis, and clients treated us as a contextually relevant channel to saturate. But the writing was on the wall, and the marketing technology landscape was about to undergo a fundamental transformation.
The Perfect Privacy Storm: Personal and Professional Convergence
This period represented a perfect storm of privacy-related developments in my professional and personal life. While grappling with these questions at work, I was also dipping my toes into the crypto space on evenings and weekends, reading books about blockchain, and exploring the possibilities of decentralized systems. Then 2018 brought the California Consumer Privacy Act (CCPA), which essentially imported European-style privacy regulations to American soil.
By 2019, I’d started my master’s in data science and business and landed a job at Google—the OG pioneer and current goliath of the digital advertising space. The privacy transformation was accelerating: the 2019-2020 DeFi summers happened, several documentaries about data privacy and AI abuse hit streaming platforms and raised public awareness, and a cascade of other states started drafting their own privacy laws.
Then 2020 happened. I cashed out some crypto gains to buy a house in March (timing the market completely by accident, I might add), and by October, I’d quit Google to pursue my own vision. By March 2021, the first version of playhaus was born—my attempt to create a solution for this new privacy-first world.
Looking back, this 2016-2018 period was indeed a point of inflection—not just for the industry, but for my career trajectory. The questions that emerged during this time would come to define my work for years to come.
BitTorrent Days: The Unexpected Privacy Education
You might be wondering what a teenage kid’s adventures in BitTorrent have to do with privacy legislation and the future of digital marketing. Fair question.
I became the well-educated and culturally rounded person I am today largely because of leveraging media piracy and torrenting to give myself a broad education and depth of media experiences to draw from. While Spotify, Netflix, and other streaming services were still gleams in their founders’ eyes, I was essentially able to stream all media, for free, before that was even a thing.
The music, movies, documentaries, TV shows, and books I consumed via these less-than-legal means have made me into the polymath I am. Now, do I know that stealing is wrong? Sure. But the analog environment I grew up in (mostly due to parental constraints) wasn’t conducive to accessing this media through legitimate channels.
This early experience instilled in me a respect for anonymous hacker culture, privacy rights, and those crypto-punk vibes that would later inform my perspective on digital rights. With the current state of cryptocurrency and blockchain technology, I believe there’s a better balance to be achieved—one that supports both access and fair compensation while minimizing extortive waste.
But we’ll unpack that more later in the book.
Totem and FUNL: Seeds of a Data Revolution
Around the same time, I was involved in a side project called Totem—a social polling application started by a high school classmate of mine, which I joined along with my friend Matt Pierce during our time at the University of Michigan. Matt and I were juniors; Neil was a sophomore. We had divergent views on the path forward: Neil wanted to take Totem in one direction, while Matt and I rebranded to FUNL to pursue my vision.
Although privacy wasn’t our primary concern at the time, this project planted the seeds for what would later evolve into a composable, abstract, universal data schema—the backbone for privacy-preserving data architecture. Back then, my frustration was simpler: answers to questions on the internet lived in separate silos with no easy way to map them together.
I wanted to use the scientific method + (Who/What/When/Where/Why/How) and a superlative-based ranking system to create structured queries that could discover answers to subjective questions. We almost got on Shark Tank, but we never got a front end working. Classic startup story, right?
The Black Box Solution: Early Technical Explorations
As the regulatory landscape shifted, I began thinking about technical solutions. The initial concept of a “black box” would use an encrypted key system where the inside of the box could see both sides at the time of transaction to perform ID matching, but this inherently involved having a key mapping table that would be visibly auditable to the provider of the technology—not exactly trustless, nor private.
At the time, I wasn’t aware of fully homomorphic encryption (FHE), which would later become a critical piece of the privacy tech puzzle. Like many aspects of this journey, my understanding was in its early infancy.
The Dawn of Authentic Intelligence
The collision of these experiences—working in adtech as privacy regulations emerged, my background in media piracy and decentralized systems, and the social polling project exploring structured data—all contributed to a unique perspective on the challenges facing digital marketing in a privacy-first world.
The question that emerged—how to do performance advertising in a double-blind environment—wasn’t just a technical puzzle. It represented a fundamental rethinking of the relationship between consumers, their data, and the brands seeking to reach them.
As we moved into 2019 and beyond, this question would lead me from Google to founding playhaus, from conventional adtech to blockchain-based solutions, and ultimately to the thesis that underlies this book: that the future of marketing lies not in harvesting more data, but in building more authentic intelligence.
The privacy revolution wasn’t just coming—it had arrived. And nothing in digital marketing would ever be the same.