The Federal Trade Commission (FTC) has a long-standing habit of creating legal obligations through blog posts. Recent communications from the FTC by way of its Office of Technology Blog evidence an aggressive expectation...more
As we’ve written about before, the question of anonymization can be tricky. When is something “anonymized” or merely “de-identified” or “pseudonymous” — and when does it matter? This is a particularly fraught issue under...more
Research participants must identify which data sets constitute personal data to ensure compliance with the GDPR. The UK Medical Research Council (MRC) has published a useful guidance note on the identifiability,...more