Data protection has always been linked to privacy in such a way that it is very difficult to assess its very notion, its purpose, and its value without falling back to privacy. The entry into force of the Lisbon Treaty on 1 December 2009 marked a historic moment for data protection: the right was elevated to the status of a fundamental right within the EU legal order, alongside the right to privacy. This article discusses the shortcomings of the current theories and the existing case law of the ECJ on data protection and argues that data protection should be ‘reconstructed’ in order to operate as a fully-fledged fundamental right next to the right to privacy. Two conditions are necessary for this: First, a ‘core’ or ‘essence’ of the right to data protection should be recognized. Second, infringements of the right to data protection should be determined solely on the basis of the relevant data protection principles themselves without the need to recourse to the right to privacy.