The Finnish data protection watchdog thinks Nokia parent company HMD Global may have violated the European Union General Data Protection Regulation (GDPR) rules. Nokia-branded phones are reportedly sending unencrypted data to a Chinese server.
This comes after a user tipped the Norwegian government-owned radio and television public broadcasting company, NRK. They then investigated the breach. Henrik Austad said he had been monitoring the traffic from his Nokia 7. He found that it was sending unencrypted information to a Chinese server while switched on. The data in question included his location, as well as the SIM card number and the serial number of the phone.
According to reports by Reuters, NRK’s investigation showed the contact server’s association with the domain, “vnet.cn.” It also linked the domain to the state-owned telco China Telecom.
The data was supposedly sent in an unencrypted format by a Nokia 7 Plus. The phone was first released in March 2018. HMD Global admitted that the breach occurred due to “an error in the software packaging process”. It also explained that the error only affected a single batch of one of the device models. They added that they did not share important information with any third party.
This sees the Finnish agency investigating all personal information sent and the legal justification for doing so. A first-gen version of the phone, the Nokia 7, launched in October 2017.