In recent years, research within and outside the European Union (EU) has focused on the expanding scope of personal data. The analysis provided has primarily supported the conclusions that in time, personal data will become so ubiquitous that the EU data protection law would become meaningless, unreasonable, or even discredited and ignored. Notwithstanding these criticisms, EU law is promoted as the ‘gold standard' for data protection laws and the law, including its definition of personal data, is being rapidly adopted by many non-EU countries. The objective of this article is to analyse the concept of personal data under EU law and to explore its continued relevance within a data protection framework that is rapidly globalised and in which technology is continuously evolving. The article argues that far from reflecting a universal notion of data protection, the EU law and particularly its definition of personal data reflects a perception of privacy that is peculiarly European. It further argues that recent developments in technology call for a re-examination of the concept of personal data and a more critical approach by countries with nascent data protection regimes. The article proposes the ‘objective risk of contextual harm’ as a new approach for formulating an alternative definition of personal data. It concludes that this approach better articulates the construction of data protection as a social good and a mechanism for (consumer) protection.