The Finnish data protection watchdog confirmed that it was investigating HMD Global's Nokia-brand phones after discovering that they were sending unencrypted data to a Chinese server. The details appeared after a user, Henrik Austad, informed the Norwegian broadcaster NRK, who investigated the violation, Reuters reports.
NRKThe investigation revealed that the contacted server was associated with the domain "vnet.cn", which is related to the public telecommunications company China Telecom. The data was sent in a format not encrypted by a Nokia 7 Plus, a first phone released last March.
In response to the report, HMD Global – which manufactures Nokia branded phones under license from Nokia – acknowledged the existence of the violation and said that this was due to "an error in the software packaging process". claiming that only one batch of a single device model was affected and that no personally identifiable information was shared with a third party. HMD however did not explain why the data was sent to a Chinese server.
Although the bug was fixed in February, the Finnish Ombudsman will investigate whether personal information has been sent, as well as any legal justification.