This paper explores the relation between the European rules on data protection and the commercialization of data. After contextualising the ongoing data revolution, it is argued that the practice of commercializing data may raise problematic issues under data protection law in two fundamental respects. First, it is often unclear whether data protection law should apply to begin with (‘the “if” problem’). Secondly, when and if data protection law applies, it is frequently hard to determine how it should apply (‘the “how” problem’). As we will observe, both the irreducibly dynamic nature of data and the conceptual blurriness of our legal discourse risk setting data protection law and trade in data on a baleful collision course.