The goal of this contribution is to address the complex relationship between taxation law and the protection of taxpayers’ data, primarily from the perspective of EU data protection law and in connection with mechanisms of exchange of information. This article points out at the outset that the legislation protecting personal data in tax matters at EU level is still rather fragmented, and that the body of jurisprudence of the Court of Justice of the European Union and of the European Court of Human Rights has not yet fully developed specific guidance, especially as regards the compatibility of automatic exchange of information with the right to the protection of personal data. In light of this, the research takes as a reference point the case law on the right to the protection of personal data in matters not related to taxation, with a view to assessing whether useful indications and principles could be transposed to the field of taxation. In addition, the analysis will offer some insights into (i) the available safeguards in the hands of taxpayers during the processing of their personal data by tax authorities; and (ii) the consequences of the adoption of the General Data Protection Regulation for Directive 2011/16/EU on exchange of information in tax matters, and for international agreements based on the FATCA and CRS frameworks.