Data-driven technologies introduce new privacy risks that are currently not (explicitly) addressed by European data protection law. Against this backdrop, the chapter discusses the general conceptual shortcomings of the GDPR, followed by an overview of the various issues that arise when applying EU data protection law to data-driven technologies and an analysis of the (often unclear and incoherent) relationship between the GDPR and EU digital law. A final section draws conclusions and provides recommendations on how the EU data protection legal framework could be improved to take sufficient account of data-driven technologies.