A recent article by the Norwegian Broadcasting Corporation has uncovered a serious breach of GDPR. Nokia 7 Plus phones would send a packet with personal information every time the phone booted or unlocked.
Apparently it has been patched with a recent update, and therefore fixed.
But, EU with its GDPR law better pursue this.
Read the article here (Translated from Norwegian to English, and the translation seems to hold up):
Original just in case:
Edit: Latest news is that Finland data protection authority is opening an investigation.