This chapter examines data protection laws in Germany, the United States, and China. We describe the most important legal sources and principles of data protection and emphasize the rights of data subjects, with particular attention to personal and sensitive data. The legal frameworks for data protection on crowdsourcing platforms in the three countries show significant differences, but also some similarities. In the United States no federal omnibus regulation on the protection of personal data exists so far. The state of California recently enacted a consumer protection law similar to the GDPR. China started developing its privacy legislation after Germany and the United States, in some parts again similar to the GDPR. A characteristic of the Chinese approach is the different protection regime of personal rights with respect to private actors and to the state government. While privacy rights have expanded in the private sector, threats to privacy posed by state actors have received little attention in Chinese jurisprudence.