NRK said its own findings indicated the server was under the domain "vnet.cn," which is reportedly managed by state-owned telecommunications company China Telecom. Finland's data protection ombudsman Reijo Aarnio told Reuters he would assess whether there were any breaches that involved "personal information and if there has been a legal justification for this."

Finnish startup HMD Global, which signed a ten-year license with Microsoft for the Nokia brand in 2016, reportedly admitted to NRK that a batch of Nokia 7 Plus phones had sent data to China. It said it had fixed the "error" in a January software update that most customers had installed. HMD claimed the phones didn't send any personal data that could identify their owners. Though the Nokia 7 Plus was never originally released in the US, a second-gen version, the Nokia 7.1, arrived here in October 2018.

Pointing to the stricter privacy laws imposed by the EU last year, Aarnio told NRK that his first reaction was "that this can at least be a violation of the GDPR legislation." Google already fell foul of the guidelines in France earlier this year, where it was hit with a €50 million (about $57 million) fine for its alleged opaque data consent policies.