When data is properly de-identified from the individual data subject, that data generally can be shared not only with others who would normally have access to it, but also with unrelated parties for potential commercialization of the data if there is no risk of re-identification. Creating and compiling de-identified data to be monetized, however, poses significant challenges and the process of compiling any database for use in commercialization, such as use in AI, needs to comply with a host of regulations on privacy and data use rights. In a guest article, Sharon Klein, Alex Nisenbaum and Karen Shin, attorneys at Blank Rome, explore the regulatory, commercial and best practice elements necessary to balance the benefits of commercializing data against the risk of harm to the individual supplying that data. See our AI Compliance Playbook series: “Traditional Risk Controls for Cutting-Edge Algorithms” (Apr. 14, 2021); “Seven Questions to Ask Before Regulators or Reporters Do” (Apr. 21, 2021); and “Understanding Algorithm Audits” (Apr. 28, 2021).