Meta is facing a lawsuit filed by an international group of plaintiffs over alleged ‘false’ privacy claims about WhatsApp’s end-to-end encryption.
The group, which includes plaintiffs from Australia, Brazil, India, Mexico, and South Africa, alleges that Meta stores the content of users’ communications and employees can get access to them.
According to Bloomberg, Meta has dismissed the lawsuit as “frivolous” and said it plans to seek sanctions against the plaintiffs’ lawyers. The company also called it “categorically false and absurd” to claim that WhatsApp messages are not encrypted.
Meta (then Facebook) acquired WhatsApp in 2014 for $19 billion, in one of the biggest tech acquisitions in history. This saw Facebook grow its user base exponentially, cementing its place in the social media space.
Currently, WhatsApp serves more than 3 billion monthly active users worldwide, making it the most popular messaging platform on the planet.
READ: Kenya High Court Confirms WhatsApp Texts Are Legally Binding
One of WhatsApp’s main selling points is its promise of end-to-end encryption. This means only the sender and the intended recipient can read or listen to messages. Not WhatsApp, not Meta, not hackers, and not even governments can access the content.
In short, WhatsApp’s servers only pass along encrypted data and cannot read or understand it.
Despite being the world’s largest messaging app, it is not widely seen as the safest. Platforms like Signal, which is open source and non-profit, or Briar, which relies on highly decentralized peer-to-peer communication, are often considered more secure.
While WhatsApp uses strong encryption, it collects more metadata and, most importantly, is owned by Meta, a company with a troubled history on data privacy.
So, is there a meaningful distinction between saying, “WhatsApp cannot read your messages,” and saying, “Nobody can read your messages”?
The latter would not be technically accurate, since once a message is sent, WhatsApp no longer controls what recipients do with it, including taking screenshots, forwarding messages, or copying and pasting content.
Another thing to note is that end-to-end encryption protects data in transit, but not devices. For instance, when someone hacks your phone or installs spyware, they can access the chats because at this point, the phone is the endpoint, and if you didn’t know, WhatsApp does not bear any responsibility for endpoint security.
This is why Meta’s wording is important. When they say, “WhatsApp cannot read your messages,” it is a technically accurate claim that is deliberately narrow.
It is easier to defend in court and applies only to WhatsApp’s own infrastructure. This lets Meta assert strong privacy protections while avoiding responsibility for what happens on users’ devices or third-party platforms.
However, one major issue remains: metadata. WhatsApp may not read the content of your messages, but it still collects and analyzes communication patterns.
Even with end-to-end encryption, the app knows who you talk to, when you chat, how often you connect, and some information about your device.
This case could finally clarify what the app’s end-to-end encryption really protects, how much user data the platform stores, and the true limits of privacy. More importantly, it could strengthen data protection for users by pushing Meta to be more transparent and accountable.
