Commerce in some data is, and should be, limited by the law because some data embody values and interests—in particular, human dignity—that may be detrimentally affected by trade. In this Article, drawing on the Roman law principles regarding res extra commercium, we investigate the example of personal data as regulated under the EU Charter and the GDPR. We observe that transactions in personal data are not forbidden but subject to what we call a dynamically limited alienability rule. This rule is based on two dynamic variables: The nature of data and the legal basis for commercially trading such data at a primary or secondary level. Accordingly, in order to deal with such dynamism and the uncertainty it poses, we propose a general two-stage reasonableness test that should help legal practitioners, judges, and lawmakers to consider when trade in data is illicit and who, if anyone, shall be held responsible for this mischief. Finally, we show how the two-stage test and the limited alienability rule can advance European contract law and help enforce legal principles associated with such data extra commercium in automated and autonomous data trading systems.