This paper identifies the unprecedented challenges that the prospects of an `ambient intelligence' era (involving the development of the `internet of things', with wide dissemination of RFIDs, ubiquitous computing, `smart' objects and surveillance devices) raise from the points of view of `privacy' and data protection. Privacy and data protection are identified, in line with Agre's conceptualization, as complementary and interdependent legal instruments aimed at preserving the individual freedom to build one's own personality without excessive constrains and influences, and to control some aspects of one's identity that one projects on the world. The `performativity' and the distribution of agency that characterize AmI systems are exposed as transversal concerns that threaten the fundamental value grounding both privacy and data protection laws: respect for individual autonomy. The relevance, applicability and adequacy of the European privacy and data protection legal frameworks to deal with those unprecedented challenges are then assessed. That assessment required the rethinking of the scope and the normative grounds of what is meant by the `right to privacy.' Privacy, it is argued, is an instrument for fostering the specific yet changing autonomic capabilities of individuals that are, in a given society at a given time, necessary for sustaining a vivid democracy. What those needed capabilities are is obviously contingent both on the characteristics of the constituency considered, and on the state of the technological, economic and social forces that must be weighed against each other through the operation of legislative balancing. Capacity for both reflexive autonomy allowing one to resist social pressures to conform with dominant drifts, and for deliberative abilities allowing one to participate in deliberative processes are arguably among the skills that a vivid democracy needs citizens to have in the circumstances of our times. The value of privacy today, it will be argued, resides in the support it provides for individuals to develop those aptitudes. Acknowledging both the `intermediate' value of privacy, and its `social-structural' value, the paper aims at clarifying the conceptual intricacies characterizing privacy and data protection, in view of the emerging challenges raised by the exponential development of information and communication technologies on the threshold of an `ambient intelligence era.' Finally the applicability of the European data protection scheme to the types of data processing involved in Ambient Intelligence, and the compatibility of the technical visions embedded in those systems with the fundamental data protection principles, are critically explored.