Your Nokia smartphones do not send user data to China. Confirms HMD Global through a Press release

Two days ago NRKBeta reported about Nokia 7 Plus sending user data to China. The news quickly broke out and Finland's Data Protection Board announced they will begin the investigation to know what happened. HMD Global responded to NRKBeta in an email and confirmed that "there has been an error in the packing process of software in a single batch of a telephone model, which by mistake attempted to send activation data to a foreign server. The data was never processed and no personal information was shared with third parties or authorities". 

Yesterday, HMD Global officially sent out a Press Release on the matter and explained that a batch of Nokia 7 plus had the device activation client meant for the Chinese variant mistakenly included in the software package which was trying to send the device activation data to the HMD Global Server in China. However, the data was never processed and no personally identifiable information was shared. HMD Global also said that the error has already been fixed in February 2019 and almost all devices that were affected have already installed the update.

According to HMD Global, Nokia smartphones sold in China send user activation data to their servers in China. So, if you purchased a Chinese variant of a Nokia smartphone your activation data is stored on the HMD Globalservers in China. Nokia smartphones sold outside China (the international variants) send the user activation data to the HMD Global servers located in Singapore which are provided by Amazon Web Services and follow strict policy laws which comply with GDPR requirements. HMD Global also confirmed that no other Nokia smartphones were affected.

HMD Global has explained in detail why the user data is collected, how do they manage the privacy inside the company by conducting regular audits and how to check if your Nokia 7 Plus has already received the fix for this error in the Press Release which you can read below:


What you need to know about your privacy and the alleged "data breach" on Nokia 7 Plus phones

HMD Global takes the privacy and security of its consumers seriously. With the recent news regarding the Nokia 7 Plus, it’s important that you hear about what happened from us and learn more about how we collect and store data.

We have looked deeply into the case at hand and can confirm that no personally identifiable information has been shared with any third party. We have analysed the case at hand and have found that our device activation client meant for our China variant was mistakenly included in the software package of a single batch of Nokia 7 Plus phones. Due to this mistake, these devices were erroneously trying to send device activation data to a third party server. However, such data was never processed, and no person could have been identified based on this data. To be clear, no personally identifiable information has been shared with any third party. This error has already been identified and fixed in February 2019 by switching the client to the right country variant. All affected devices have received this fix and nearly all devices have already installed it. If you want to check if your Nokia 7 Plus has received the security fix, we have included step-by-step instructions below.

There is also some speculation about other Nokia phones sharing similar data with third-party servers. We can confirm that this is incorrect speculation and no Nokia phones are impacted. All device data of Nokia Phones other than the China variant is stored at HMD Global’s servers in Singapore provided by Amazon Web Services. HMD Global takes the security and privacy of its consumers seriously and complies with all applicable privacy laws. Data collected from our devices is stored safely in accordance with applicable laws. The device data collection is further explained on our web pages. We encourage our consumers to familiarize themselves with this information and our Privacy Policy that further explains the data collection. HMD Global takes the privacy and security of its consumers seriously.

However, before you go, please take a look at our infographic and Q&A below for more information on how we collect and store data, plus step-by-step instructions to check if your Nokia 7 Plus has received the security fix.

Additional information

Why do we collect data from the devices?

We collect data from devices for two primary reasons:

  1. Activating device warranty: When the device is taken into use for the first time, it sends data to our servers. This data helps us activate warranty on the device.
  2. Improve user satisfaction: In case you choose to participate in the User Experience Program, we collect device satisfaction feedback and diagnostics data from your Nokia phone. This helps us to enhance our products and services based on your feedback.

How do we manage privacy within HMD Global?

- Our software developers are continuously trained to master local privacy requirements such as the GDPR or China Cyber Security Law requirements. This applies also to the software developers from partners working together with us. - We take privacy extremely seriously and follow ‘privacy as a design’ process. This means that all changes and updates to data collection are always approved by a privacy expert. - On top of that, we conduct regular third party audits for our data collection and management processes. - We also have strict policies in place related to technical architecture, data and access management.

Where is my device data stored if I have purchased the device for example from Europe, US or India?

  • Your data is stored in Singapore. Singapore, as you may already know, follows very strict privacy laws.

Where is my device data stored if I have purchased the device from China?

  • In order to comply with China Cyber Security law, we are obligated to store data originating from China in China. This means that only those devices that are sold in China will send data to our servers in China.

How can I check if my Nokia 7 Plus has received the security fix?

If you want to confirm your device is up to date, follow these steps:

  • Go to Settings > System > About Phone > Scroll down to “Build Number”
  • If your phone shows “00WW_3_39B_SP03” or “00WW_3_22C_SP05” as the “Build number”, you have already installed the fix on your Nokia 7 Plus.
  • If your phone is not showing either of the above, don’t worry, you can always request the latest approved build by following these steps:
  • Go to “Settings” > “System” > “Advanced” > “System Update” > “Check for Update”.
  • A Wi-Fi connection is preferred, but if not possible, you can select “Resume” to use your cellular data connection. Please be advised that using a cellular connection may incur a data charge. Check with your operator if any concerns.

Source: HMD Global