Nokia phone brand owner HMD Global is understandably nervous about Finland investigating claims that its handsets send sensitive data to China, and it's trying to clear its name. The company said in a statement that it "mistakenly included" the device activation software for Chinese phones in a "single batch" of Nokia 7 Plus phones meant for other countries. However, that data was "never processed" and wasn't personally identifiable, according to the company. It was fixed through a software update in February 2019, and "nearly all" phones already have that patch.
The company also rejected talk that other phones would send similar data. Every Nokia phone outside of China sends device data to HMD Global servers (provided by Amazon Web Services) in Singapore, the company said, and abides by local laws.
This won't necessarily put the Finnish investigation to bed, and the claims about the nature of the data don't paint a full picture. While they don't directly identify a person, they could be used with corroborating info to get a clearer picture of that person's life. Still, the issue appears to have been fixed -- it's just an unpleasant reminder that a slip-up at the factory is enough to put data at risk.