This paper addresses the pervasive over-collection of personal data by corporations offering ostensibly “free” digital services. It examines the synergistic application of EU consumer law and data protection law through legal interpretation, comparative analysis, and case-law examination, revealing their complementary potential in regulating data commercialization practices. The study innovatively proposes an integrated “data consumer law” framework, contending that core consumer rights—particularly transparency and fair trading—can serve as substantive constraints on corporate data processing. It further advocates enabling consumer organizations to bring data infringement claims under consumer law. By bridging doctrinal divides, the research provides both theoretical grounding and concrete institutional proposals to strengthen the EU’s data rights protection architecture and advance legislative–judicial coherence. (136 words)

In modern markets, many companies offer so-called 'free' services and monetize consumer data they collect through those services. This paper argues that consumer law and data protection law can usefully complement each other. Data protection law can also inform the interpretation of consumer law. Using consumer rights, consumers should be able to challenge excessive collection of their personal data. Consumer organizations have used consumer law to tackle data protection infringements. The interplay of data protection law and consumer protection law provides exciting opportunities for a more integrated vision on 'data consumer law'.