Finland to Investigate Suspected Nokia Chinese Data Breach

Finnish authorities will launch an investigation into claims that Nokia phones have been transmitting users’ personal data to China, the country’s data protection ombudsman announced on Thursday.

“Based on our initial analysis it appears that personal data has also been transferred (to China),” Reijo Aarnio, Finland’s data protection ombudsman, told the news agency STT.

The Norwegian broadcaster NRK published claims on Thursday that data from Nokia’s 7 Plus mobile phones, including location information and serial numbers, has been sent to servers of the state-owned company China Telecom.

“The idea is that data moves freely within the EU, but when we go outside the EU, there must always be a legal basis,” Aarnio said.

“We are requesting information to try and find out whether there was a legal basis in this case. The second thing is how notification has worked, so were phone users aware that information about them is being transferred to China?” he said. 

The Finnish-owned company HMD Global, which manufactures Nokia handsets and has recently seen robust sales growth on the Chinese market, told NRK that some information from the 7 Plus handset has been sent to China, but denied that individual users can be identified from the data.

“We can confirm that there has been an error in the software packing process in a single batch of one handset model, which mistakenly attempted to send activation data to a foreign server,” the company said in a statement reported by NRK.

“The data was never processed and no personal information was shared with third parties or authorities,” it said. 

“This has now been fixed and almost any device affected by this error has now installed the update. HMD Global takes the safety and privacy of our customers seriously,” the company said.

In recent years, data security concerns over smartphones and network equipment made by the Chinese telecoms giant Huawei have drawn warnings from western intelligence agencies and seen the company banned from selling its 5G network equipment to US, Australian and New Zealand markets.