The identification of personal information adopts the method of association definition, and the Personal Information Protection Law has both public and private legal norms, among which private law norms are specific provisions of the Civil Code. The General Data Protection Regulation (GDPR) of the European Union, which serves as a legislative model for China, emerged in the context of the lawsuit between the US Department of Justice and Microsoft. The internal logic of China ’ s personal information protection law is similar to this, both of which aim to balance the protection and use of personal information and block the long arm jurisdiction of the United States, in order to safeguard national data sovereignty. In the rules of informed consent, there are still many pain points regarding the obligation to inform. Consent should be considered a civil legal act, and the authenticity of consent should be explored in labor relations. Withdrawal of consent should be restricted in the context of contract law; The portability right is prone to encounter application difficulties in affiliated enterprises, and the legal provisions should be interpreted based on the system and understood in conjunction with specific application scenarios; The protection of personal information of the deceased needs to be improved in terms of practical institutional design in the field of personal information protection law, and the scope of close relatives should be appropriately limited and the order of branch rights should not be distinguished; Cross border provision of personal information is not feasible in the context of big data and online shopping. Therefore, the convenience of transactions should be taken into account, and personal information should be regulated according to sensitivity levels to achieve a balance between protection and utilization.