Filed in the US District Court for the Northern District of California, the lawsuit challenges Meta’s essential privacy assertion — that E2EE ensures no one, including WhatsApp itself, can read user messages.
According to Bloomberg, the plaintiffs contend that Meta’s claims are “false and misleading,” asserting that WhatsApp can still “store, analyze, and access virtually all” communications on the platform.
Representing users from India, Brazil, Australia, Mexico, and South Africa, the lawsuit further alleges that Meta possesses the technical ability to decrypt and examine message content for internal monitoring and data analysis.
Meta has dismissed the lawsuit as “frivolous” and “absurd.” Company spokesperson Andy Stone indicated that Meta would pursue legal sanctions against the plaintiffs’ counsel.
The strong rebuttal highlights the significance of E2EE to WhatsApp’s identity — a commitment that only senders and recipients, not even the platform, can access their messages.
Global policy conflict over encryption
WhatsApp is concurrently facing regulatory challenges in Europe, where new child-safety regulations could compel messaging apps to compromise E2EE.
Europe is advancing an extensive proposal to address child sexual abuse (CSA), including provisions that would enable platforms to detect, report, and remove content within private messaging — a move that would necessitate client-side or server-side scanning of encrypted messages.
The EU Regulation to Prevent and Combat Child Sexual Abuse — commonly known as “Chat Control” — aims to legally authorize the scanning of encrypted communications.
A proposal by the European Commission in May 2022 established risk-assessment responsibilities for providers. Subsequent Council positions progressed further, making voluntary detection permanent beyond the April 2026 ePrivacy derogation deadline and categorizing services into risk tiers for potential mandatory scans.
Encryption-centric platforms like WhatsApp and Signal assert that these frameworks effectively undermine E2EE by introducing access points for third parties and expanding the surveillance scope for over 2 billion users.
The context of privacy breach allegations
This legal dispute unfolds against a backdrop of ongoing privacy and data-sharing controversies involving Meta and WhatsApp.
In September 2025, former WhatsApp security lead Attaullah Baig claimed that approximately 1,500 engineers had unauthorized data access, violating FTC terms, igniting retaliation claims.
Regulatory bodies have also intervened. In November 2024, India’s CCI fined WhatsApp $25.4 million and prohibited data sharing with Meta’s applications for five years.
In July 2024, São Paulo prosecutors pursued $311 million over enforced cross-platform sharing. In May 2025, Meta secured $168 million from NSO Group regarding spyware intrusions.
These actions are reflective of GDPR-related fines and ongoing EU investigations, with Meta consistently denying any violation of encryption protocols.
