Personal data is everywhere. Individuals leave data trails through their use of various technologies, often without their knowledge or consent. This data can be repurposed by businesses for the purposes of marketing or other secondary research. However, it is also being used by other entities, such as the pharmaceutical and insurance industries, and it is beginning to be used by law enforcement in the context of legal proceedings and criminal investigations. This is an exploratory chapter, which discusses the impact of electronic contracts and privacy policies on individuals’ rights in their personal data. This discussion is centred on two examples: direct-to-consumer genetic tests (DTC or personal genomics); and wearable devices. Both these industries are examples of new technologies that have created new markets and both involve the collection and processing of consumers’ data that has the potential to be reused for a wide range of secondary purposes. Often contracts and privacy policies are relied upon by businesses to govern their relationships with consumers and also to allow for reuse of such data and currently, business practices may often not be in compliance with the EU’s General Data Protection Regulation (GDPR).