Privacy and data protection rules are usually said to protect the individual against intrusive governments and nosy companies. These rights guarantee the individual's freedom, personal autonomy and human dignity, among others. More and more, however, legal persons are also allowed to invoke the rights to privacy and data protection. Prima facie, it seems difficult to reconcile this trend with the standard interpretation of those rights, as legal persons do not enjoy freedom, personal autonomy or human dignity and it seems uncertain why business interests should be protected under privacy and data protection rules. On second thoughts, however, it appears rather unproblematic to grant legal persons partial protection under these regimes, especially when it recognizes general duties of care for data processors and governmental agencies.