Finland's data protection watchdog is investigating Nokia owner HMD over claims its mobiles sent data to Chinese servers. The probe follows a report by Norway's public broadcaster NRK in which it claimed to have proof that Nokia phones are transmitting sensitive information to China based on a tip from a Nokia owner. The man in question, Henrik Austad, said he'd been monitoring the traffic from his Nokia 7 Plus only to find it was sending unencrypted information to a Chinese server while switched on. The sensitive data reportedly included his location, as well as the SIM card number and the phone's serial number.
NRK said its own findings indicated the server was under the domain "vnet.cn," which is reportedly managed by state-owned telecommunications company China Telecom. Finland's data protection ombudsman Reijo Aarnio told Reuters he would assess whether there were any breaches that involved "personal information and if there has been a legal justification for this."
Finnish startup HMD Global, which signed a ten-year license with Microsoft for the Nokia brand in 2016, reportedly admitted to NRK that a batch of Nokia 7 Plus phones had sent data to China. It said it had fixed the "error" in a January software update that most customers had installed. HMD claimed the phones didn't send any personal data that could identify their owners. Though the Nokia 7 Plus was never originally released in the US, a second-gen version, the Nokia 7.1, arrived here in October 2018.
Pointing to the stricter privacy laws imposed by the EU last year, Aarnio told NRK that his first reaction was "that this can at least be a violation of the GDPR legislation." Google already fell foul of the guidelines in France earlier this year, where it was hit with a €50 million (about $57 million) fine for its alleged opaque data consent policies.