DCC summary, not a translation. GB/T 42460-2023 is a copyrighted national standard. The structured summary below is DCC’s own paraphrase of the standard’s framework, for overseas compliance teams.
Scope
GB/T 42460-2023 provides the goals, principles, framework and methods for evaluating the effectiveness of personal-information de-identification (去标识化) — that is, for judging whether a dataset that has been put through a de-identification process carries an acceptably low risk of re-identification. It applies to organizations evaluating the de-identification of their own datasets, and serves as a reference for assessors and regulators reviewing de-identification work.
It is a recommended standard. It is the natural companion to GB/T 37964 (the Guide for De-identification of Personal Information): where GB/T 37964 explains how to perform de-identification, GB/T 42460 explains how to test whether it succeeded.
Key contents
The standard frames de-identification effectiveness in terms of re-identification risk and walks through how to evaluate it.
Concepts and goals. It works from the PIPL/standards definitions of de-identification (processing so that personal information cannot identify a specific natural person without additional information) and anonymization (processing so that the subject cannot be re-identified and the data cannot be restored), and frames the evaluation goal as confirming that residual re-identification risk is controlled to an acceptable level given the data-use scenario.
Evaluation principles. Effectiveness is assessed relative to the release/sharing scenario and the resources a realistic attacker could bring to bear; the evaluation must consider both direct identifiers and quasi-identifiers, and the possibility of linkage with external datasets.
Identifiers and attributes. Guidance on distinguishing direct identifiers, quasi-identifiers and other attributes, since the re-identification risk turns largely on quasi-identifier combinations.
Evaluation framework and methods. An evaluation process and a set of methods/metrics for testing residual risk — addressing re-identification attack models (singling-out, linkage and inference), the de-identification models applied (such as generalization, suppression, pseudonymization and aggregation), and how to judge whether the chosen technique and parameters achieve the target risk level for the intended disclosure context.
Reporting. Guidance on documenting the evaluation and its conclusion.
The annexes provide reference material on attack models, risk metrics and worked considerations.
How it fits the regime
De-identification and anonymization are load-bearing concepts in PIPL. PIPL defines both terms (Article 73); anonymized information falls outside the definition of “personal information” (Article 4) and so outside the law’s scope, whereas de-identified information is still personal information and remains regulated. The practical question — has a dataset been de-identified or anonymized well enough? — is exactly what GB/T 42460 helps answer.
For overseas compliance teams, the standard matters whenever a Chinese operation relies on de-identification to reduce risk (for analytics, sharing, secondary use, or to argue data has been anonymized out of PIPL’s scope). It supplies the test method to back that reliance, and it pairs with GB/T 37964 (de-identification technique), GB/T 35273 (which calls for de-identified/encrypted storage of sensitive data) and the impact-assessment standard. It does not lower any statutory threshold — it is the evidentiary method for showing a de-identification claim holds up.