In a statement, Nokia phone brand owner HMD Global said that it “mistakenly included” the device activation software for Chinese phones in a “single batch” of Nokia 7 Plus devices meant for other countries.
HMD Global added that the data was ‘never processed” and was not personally identifiable. The issue was fixed through a software update in February 2019, and “nearly all” phones have already received the patch.
The company has insisted that other phones were not sending similar data. To clarify, HMD Global said that every Nokia phone outside of China sends device data back to HMD Global servers (provided by Amazon Web Services) in Singapore, and they abide by all local laws.
HMD Global is quite nervous about Finland investigating claims that the company's Nokia headsets sending sensitive data to Chinese servers. While this statement won't put the investigation to rest, it does provide HMD Global's side of the story. While the data won't directly identify a person, it's worth noting that it could potentially be used with corroborating information to get a clearer picture of the user's life. Nonetheless, it appears that the issue has been fixed, even though the issue put data at risk directly from the factory.