The present era of big data challenges many of the basic assumptions of competition law. One particularly pressing question is: to what extent should privacy considerations and data protection filter into competition law assessments? The paper focuses on personalized user data that companies gather through third-party tracking on the web. This practice allows the tracker to build comprehensive user profiles across platforms and devices, placing an unprecedented volume of up-to-date personal data in the hands of a small number of globally active companies. Focusing on the stage of data acquisition, the paper assesses two scenarios under which EU competition law may deem the vast amounts of data gathered by certain digital platforms excessive under Article 102(a) TFEU: excessive data “prices” and data policies as unfair trading conditions. In both cases, the competition law assessment is autonomous from other areas of the law: while a breach of data protection rules is not automatically a breach of competition law, a company adhering to data protection rules may still violate competition laws. The paper finds that EU competition law already possesses the necessary tools to address excessive data collection, while data protection rules provide much-needed context for this type of exploitative abuse.