China has unveiled a comprehensive set of draft regulations aimed at bolstering personal information protection and ensuring the secure handling of data by large online platforms. Released jointly by the Cyberspace Administration of China (CAC) and the Ministry of Public Security, the draft seeks to enhance individual rights and foster the sustainable growth of the platform economy. Key provisions mandate that personal data collected and generated within China must be stored domestically. Any cross-border data transfers must adhere to stringent national security protocols. Platforms are required to implement robust technical and managerial safeguards to mitigate risks associated with unauthorized overseas data transfers. Additionally, the draft emphasizes the need for data centers to meet national security standards and be located within China. Service providers must offer users accessible methods to manage their personal information, including options to access, correct, supplement, delete, or transfer their data. In cases of severe lapses in data protection—such as repeated violations or large-scale breaches affecting over a million individuals—platforms may face compliance audits and risk assessments conducted by third-party experts. The draft also encourages the adoption of advanced technologies like national network identity authentication and data labeling to elevate data security. Public feedback on the draft is being accepted until December 22, with authorities committed to responding to complaints within 15 working days. The CAC and Ministry of Public Security have underscored the importance of maintaining confidentiality for all parties involved in handling sensitive information.