Central bank digital currency (CBDC) is generally defined as the digital form of a country’s fiat currency. Based on the distributed ledger technology and other financial technology, CBDC could improve the efficiency of domestic and cross-border payments, increase payment safety and soundness, and promote financial inclusion. However, it is argued that the introduction of CBDC would threaten data security and invade personal privacy. Currently, this issue has received growing concern, and some recommendations are proposed by countries or international organizations, like privacy design, restrictions on public authorities and payment intermediaries, and establishing independent supervisory authority. Other suggestions include getting countries involved in international coordination and promoting the formation of unified standards. Among major economies, China is the first to launch CBDC, which is known as e-CNY. Based on an overview of the privacy protection legislation in China, this article attempts to describe the rules that should be followed when dealing with personal data generated in e-CNY circulation.