On 15 October 2023, China’s cybersecurity technical standards body (TC260) closed the consultation on its draft standards regarding security requirements for automated decision-making based on personal information. The standards are applicable for personal information processors engaged in automated decision-making activities to standardise their personal information processing and decision-making activities. The standards apply to regulatory authorities and third-party assessment agencies as a reference when supervising, managing, and evaluating automated decision-making processes. The objective is to provide guidance on how to determine if an algorithm is operating safely and to identify automated decisions that might impact a user's legal rights and interests. The standards stipulate the requirements for data security and personal information protection obligations of personal information processors in their automated decision-making activities. Further, they require transparency in data processing and automated decision-making in typical application scenarios and fairness in decision outcomes.
Original source