%0 Journal Article %T Personal Data as Consideration %A Dudás, Gábor János %A Kovács, András György %A Schultz, Márton %J Santander Art and Culture Law Review %V 2023 %R 10.4467/2450050XSNR.23.029.18649 %N 2/2023 (9) %P 215-242 %K value of personal data, European Data Protection Board, commercialization of personality rights, personal data as an asset %@ 2391-7997 %D 2023 %U https://ejournals.eu/en/journal/saaclr/article/personal-data-as-consideration %X This article argues that personal data may have a commercial value in the European legal systems, and as such it can function as a consideration and has a quid pro quo character. It claims that the European Data Protection Board (EDPB) should not exclude that data concerning the data subject can be used as contractual consideration, especially in the world of the Internet. In particular, it cannot be excluded solely on the basis that the right to privacy is not transferable, a position taken thus far in the EDPB’s practice. This proposed new approach is supported by the fact that in some EU Member States the property aspects of the general right of personality have been recognized, a stance which may also apply to personal data, without the need to recognize a kind of data ownership or sui generis intellectual property right in the data. Thus, the theory of commercial aspects of personality rights can be linked to the commercial value of personal data. The quid pro quo function of personal data may also be recognized in line with the provisions of the General Data Protection Regulation (GDPR). In fact, maintaining the interpretation of the EDPB – which denies the quid pro quo character of personal data from a fundamental rights perspective – means that the dangers of such data processing cannot be assessed. This affects cultural heritage in many aspects – from the sending of newsletters to selling merchandise products in museums. The EDPB’s guidelines, as soft law, have no direct impact on the case-law of the national courts, thus this also significantly increases the risk of a collision between the simultaneously available remedy regimes established by the GDPR.