The 2013 publication of the Tallinn Manual on the International Law Applicable to Cyber Warfare confirmed the view of the majority of the international group of experts that data was not an object and therefore not subject to the rules of targeting during an armed conflict. Intuitively, a number of scholars reacted negatively to this view, and instead were drawn to the Tallinn Manual minority position that data did constitute an object. The significance of data, particularly personal data, is only increasing, and the purpose of the law of armed conflict is to reduce the deleterious impact of armed conflict on the civilian population. Focusing on tangibility, on corporeal physicality, as a prerequisite for the application of the law of targeting is anachronistic and unnecessary. However, an intuitive response to the majority view can easily overlook the nuances inherent in the view. First, whenever physical consequences—death, physical damage, or loss of functionality—accompany or result from the targeting of data, the rules of targeting apply. Second, special legal protections in the law of armed conflict apply to data whether or not data constitutes an object. Third, it is fallacious to assume that if data is not an object military data cannot be targeted. Either data is not an object and targeting rules do not apply such that military and civilian data can both be targeted, or data is an object and only military data can be targeted. In either situation, military data can legitimately be targeted and destroyed during an armed conflict. The key point of difference is the targeting of civilian data where no physical destruction or other damage occurs. Here, targeting is permissible if data is not an object, and impermissible if it is. States are yet to clarify their views on this scenario and it is likely that such clarification will only come in response to a major incident involving the destruction of civilian data without accompanying physical damage.