With the advent of socio-technical systems that gather and process personal data, the capacity to identify and even locate people in an automated fashion has dramatically increased. This article discusses what militaries need to know about data protection and the right to digital privacy/private life when personal data is processed. The focus in this discussion is on sensitive data that makes individuals identifiable. It is here argued that the right to data protection and the right to digital privacy/private life are distinctive and separate rights and should be treated as such, despite some overlaps. Although the law of armed conflict approaches processing of sensitive data in a topical manner, it remains firm on the delimitation between what is permissible and what becomes unlawful when it comes to processing data. This article illustrates that elements of both data protection and protection of the right to privacy/private life can be traced in the law of armed conflict. In fact, both rights remain distinctive also in times of armed conflict and must be separately protected through obligations of result as well as obligations of conduct.