The most exciting, disrupting and portend aspect of the “smart” world is a  future proliferate with personal data. Artificial intelligence (AI) applications powered by machine learning algorithms can independently create data that is potentially personal, and what is even more fascinating the internet of things (IoT) can convert everyday devices into personal data because of their ability to reveal contiguous information about our daily activities. The fact is, we are going to be surrounded by personal data, and it does not end there. Big data analytics – the automated processing of data - combines the powers of AI with information drawn from IoT and other sources to produce an unprecedented volume of data some of which are personal. Not only does the proliferation of personal data aggravate the already tense debate about the meaning and scope of personal data, but it also creates concerns about how new (personal) data fits into the niche of existing data protection principles. Although EU data protection law promotes a broad interpretation of personal data, and  GDPR preserves this approach, we argue in this article that the increasing power of technology challenges long-entrenched definition of personal data under the law. We argue in particular that the main problem with EU law is its overly-broad interpretation of personal data. This argument is closely modelled on the notion of privacy in continental Europe which consistently conflates the jurisprudence of privacy and data protection. We, therefore, propose a reductionist approach using the ‘risk of contextual harm’ as the threshold for the determination of whether data would be subject to protection under a data protection regime or protected by broader privacy laws. This approach is fundamental to addressing both the nebulousness that technology increasingly fosters on the concept of personal data and the preservation of the EU law as the gold standard for data protection.