China, battling increased threats from cyber-terrorism and hacking, will adopt from Thursday a controversial law that mandates strict data surveillance and storage for firms working in the country, the state-run Xinhua news agency said. The law, passed in November by the country’s largely rubber-stamp parliament, bans online service providers from collecting and selling users’ personal information and gives users the right to have their information deleted, in cases of abuse. Foreign firms grapple with China’s ‘punitive’ cybersecurity laws “Those who violate the provisions and infringe on personal information will face hefty fines,” the news agency said on Monday, without elaborating. In addition to the restrictions on moving data beyond the mainland, provisions in the law include a more comprehensive security review process for key hardware and software deployed in China and a requirement to assist the authorities conducting security investigations. Another provision requires IT hardware and services to undergo inspection and verification as “secure and controllable” before companies can deploy them in China. That appears to be already tilting purchasing decisions at state-owned enterprises. Overseas business groups were pushing Chinese regulators to delay implementation of the law, saying the rules would severely hurt foreign firms. China pushes through cybersecurity law despite foreign business fears Until now, China’s data industry has had no overarching data protection framework and is governed instead by loosely defined laws. However, overseas critics say the new law threatens to shut foreign technology companies out of sectors the country deems “critical” and it includes contentious requirements for security reviews and data stored on servers in China.