Jiangxi: Development and Reform Commission announces Jiangxi Data Regulations
The Jiangxi Development and Reform Commission announced, on 28 April 2022, the draft Jiangxi Provincial Data Regulations. In particular, the Regulations define data activities, such as data processing, which includes data collection, storage, use, transmission, provision, and disclosure. Likewise, the Regulations establish that data governance includes activities such as data classification, completion, integration, cleaning, and desensitisation. More specifically, the Regulations outline requirements surrounding public data, stating that no unit may regard public data as their own property and add conditions that affect public data's collection, sharing, opening, or use. Furthermore, the Regulations detail that public data (which involves personal information such as medical data or cultural education, but which cannot identify a specific individual and cannot be recovered after anonymisation) must be aggregated to a unified data sharing exchange platform.
On the other hand, the Regulations provide, with regard to non-public data, that data processors must obtain personal consent for data involving personal images, identification, and other personal information. However, the Regulations add that data processors must not refuse to provide products and services on the grounds that individuals do not consent to such processing, unless the processing of personal information is necessary for the provisions of products and services. Accordingly, the Regulations note that, in order to process sensitive personal information, which includes biometrics, religious beliefs, specific identities, financial accounts, and location data, written consent must be obtained.
In addition, the Regulations clarify certain data security requirements for data processors, namely that if there are multiple data processors, each processor bears corresponding security responsibilities, and that if a data processor changes due to a merger or sale, the changed processor will bear data security responsibility.
You can read the Regulations, only available in Chinese, here.