Artificial Intelligence, Profiling and Automated Decision Making | China | Global Data and Cyber Handbook

Artificial Intelligence, Profiling and Automated Decision Making

Jump to

Artificial Intelligence, Profiling and Automated Decision Making Start Comparison

Are there any restrictions or requirements related to creating profiles of data subjects or utilizing automated decision-making for decisions related to data subjects, including with respect to artificial intelligence?

Last review date: 13 January 2025

Yes

The restrictions or requirements are as follows:

data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her

other

Prior to adopting automated decision-making measures, personal information processors should carry out a personal information protection impact assessment and keep the relevant records for at least three years, according to the PIPL.

E-commerce operators must not restrict consumers' choice of transaction based on automated decision making by providing options that are not based on relevant consumers' personal features.

When automated decision making is used to conduct an information push or commercial marketing, options not based on personal traits must be provided. Alternatively, convenient ways of rejecting automated decision making should be provided.

A provider of online information services using a recommendation algorithm must disclose its use of the recommendation algorithm (including the basic principles, purposes and intent, as well as the main operating mechanism) to users to ensure transparency.

The restrictions or requirements are as follows:

qualified right not to be subject to a decision based solely on automated decision making, including profiling – for example, only applicable if the decision produces legal effects concerning them or similarly significantly affects them

right to information / transparency requirement

other

Where automated decision making is provided via recommendation algorithms, the relevant online information service providers shall (a) inform users of their provision of recommendation algorithm-based services in a prominent manner and publicize the basic principles, purposes, and main operation mechanisms of the recommendation algorithm-based services in an appropriate manner; (b) provide users with an option where the recommendation algorithm-based services will not target their personal characteristics or a convenient option to close such services. If a user chooses to end its use of recommendation algorithm-based services, the service provider shall immediately stop providing the relevant services; (c) provide users with the function of selecting or deleting user tags with respect to their personal characteristics to be used for recommendation algorithm-based services; and (d) if the application of algorithms has a major impact on the rights and interests of users, explain the same in accordance with the law and bear the corresponding liability.

If such restrictions or requirements exist, are they subject to any exceptions?

Last review date: 13 January 2025

Has the data privacy regulator issued guidance on data privacy and artificial intelligence, automated decision-making or profiling?

Last review date: 13 January 2025

Yes

If yes, please provide brief details and a link.

Aside from the requirements explained above, the use of recommendation algorithms in providing generative artificial intelligence services in China generally necessitates the implementation of effective measures to prevent discrimination based on race, ethnicity, beliefs, nationality, religion, gender, age, occupation, health, etc., in processes such as algorithm designs, the selection of training data, model generation, and optimization, or the provision of services.

In 2024, the following guidelines were released to provide best practices for the general use of artificial intelligence:

TC 260-003 Basic Security Requirements for Generative Artificial Intelligence Service (in Chinese only)
Artificial Intelligence Security Governance Framework 1.0 (in Chinese only)
Generative Artificial Intelligence Service Content Labeling Method (in Chinese only)

Various standards and guidelines regarding the compliance of generative artificial intelligence services (e.g., data annotation, pre-training and fine-tuning data, emergency response) and automated decision-making are still in draft form.

Has the data privacy regulator taken enforcement action in relation to artificial intelligence, including automated decision-making or profiling?

Last review date: 13 January 2025

Enforcement activity against AI developer(s)
Enforcement activity under existing privacy law
Enforcement activity under AI-specific law
Enforcement activity by data or cyber regulator

Do other (non-personal data or cybersecurity) laws or regulations impose restrictions on use of artificial intelligence, automated decision-making or profiling?

Last review date: 13 January 2025

Yes, laws in force

If yes, please provide brief details and a link.

Three pieces of rules and measures have been issued:

Provisions on Administration of Recommendation Algorithms in Internet-based Information Services
Provisions on Administration of Deep Synthesis in Internet-based Information Services
Interim Measures for the Management of Generative Artificial Intelligence Services

Global Data and Cyber Handbook

China

Select a Topic