The Directive (EU) 2019/770 expressly regulated, for the first time, contracts where the trader supplies digital content or a digital service and the consumer does not pay a price but provides personal data. It was implemented in Italy with the Legislative Decree No. 173/2021, which amended the Consumer Code, by introducing the Chapter I-bis. However, although the Directive and, consequently, the Italian Consumer Code recognize the possibility – and therefore the lawfulness – for personal data to be exchanged for a service, they expressly exclude that personal data can be considered a commodity, comparable to a price, creating serious doubts as to their nature and the qualification of their provision. In addition, the Directive extends its scope of application to contracts for the exchange of digital services and personal data, thus generally extending the scope of consumer protection law to this relationship, but without making any coordination between the different rules, and this is particularly evident and problematic in relation to pre-contractual information and unfair commercial practices. The same can be said for Union law on the protection of personal data, expressly referred to in the Directive, which, however, leaves out the regulation of relevant issues, such as the conditions of lawfulness of processing, whether consent coincides with contractual consent and is compatible with data protection law, and what happens if it is withdrawn. By examining Directive (EU) 2019/770, the Italian Consumer Code, European consumer and data protection law, as well as the opinions of the European Data Protection Supervisor and the Italian Competition Authority, legal scholars and case law, the paper aims to address whether personal data can be considered as the payment for a service and under what conditions their processing can be considered lawful.