While this model resembles, and has derived ample inspiration from, the GDPR, it misses the generality of the European approach: where China has recreated the consumer protection aspect of the GDPR to a significant degree, it has not emulated the European foundational principle that privacy is a fundamental right. Most importantly, the PIPL largely leaves the power of government bodies untouched, as it does not impose any meaningful constraints on their ability to collect and process data.

This seems odd to highlight? It seems to be implying that PIPL differs from GDPR because it leaves government untouched but last I checked governments were also exempt from GDPR?

Anyway, putting aside a few things that seem like brainworms like the above this is a good paper that provides useful incite and will be a good useful reference for people to completely and totally ignore when trying to point out that China has better data protections than the US…