Chinese data protection seems to be problematic. On the one hand, it does exist, at least formally, especially after the reform initiated by the adoption of the Cybersecurity Law and finished by the Personal Information Protection Law entering into force. However, the mere adoption of personal data protection regulations does not guarantee that they provide personal data protection at an appropriate level. For EU law, the adequacy standard is the reference point for verifying personal data protection in a third country. Therefore, it is necessary to meet specific criteria summarising the term of essential equivalence, as introduced by the Court of Justice of the European Union. This article discusses the three most critical problems that result from comparing the provisions of the Chinese Cybersecurity Law, the Civil Code, the Data Security Law and the Personal Information Protection Law with the EU’s adequacy standard. The article consists of the introduction, four parts and closing remarks. The first part explains the methodology of research on Chinese data protection law and criteria applied to its examination. The second, third and fourth parts discuss the complicated relationships between the laws related to the protection of personal data, the status of state authorities as data controllers and multi-stakeholder supervision over personal data protection.