Abstract: The interests of data security, directly related to the objects that should be protected by data security legislation, involvs three levels: personal security, public security and national security.There are many difficulties in China's data security legislation, such as the basic problems which have not been clarified, the governance consensus which still needs to be promoted, the core system supply which is insufficient, the key link supervision which is not strong, the international game response is weak, and the legislative technology needs to be improved. In the future, China's data security legislation should not only continue to strengthen the research on the basic theory of data, but also adjust the legislative thinking according to the current practical problems of data security. In terms of legislative orientation, it is suggested to be based on the function of security guarantee, avoid the generalization of data security interests, deal with the internal coordination problems of the data security law, the personal information protection law, and the cybersecurity law, deal with the problems of legislation coordination outside the security legislation system such as export control law, foreign investment law and civil code; in terms of system construction, it is suggested to coordinate the inward security and outward security, and strengthen the construction of core system; in terms of standardization focus, it is suggested to shift from data collection to data processing, and strengthen the standardization of core links; in terms of normative methods, it is suggested to adopt both main body regulation and behavior regulation, and pay attention to special subjects; in terms of legislative technology, it is suggested to pay attention to the special subjects that depends on the impact of legislation.