Lawsuit alleges Meta can read WhatsApp chats; company calls it frivolous

Meta is facing yet another privacy firestorm. An international group of plaintiffs has filed a class‑action lawsuit accusing Meta-owned WhatsApp of deceiving billions of users by allegedly keeping “backdoor” access to messages it markets as fully end‑to‑end encrypted (E2EE).Filed in the US District Court for the Northern District of California, the lawsuit challenges Meta’s core privacy pitch — that E2EE prevents anyone, including WhatsApp itself, from reading user messages.
According to Bloomberg, the plaintiffs argue Meta’s assurances are “false and misleading,” alleging WhatsApp can still “store, analyse, and access virtually all” communication on the platform.
Representing users across India, Brazil, Australia, Mexico, and South Africa, the suit further claims Meta retains the technical capability to decrypt and review message content for internal monitoring and data analysis.

Meta has dismissed the lawsuit as “frivolous” and “absurd.” Company spokesperson Andy Stone said Meta would seek legal sanctions against the plaintiffs’ counsel.

The sharp pushback underscores how central E2EE is to WhatsApp’s brand — a promise that only senders and recipients, not even the platform itself, can read their messages.

Global policy fight over encryption

WhatsApp is simultaneously battling regulatory pressure in Europe, where emerging child‑safety rules could force messaging apps to weaken E2EE.

Europe is advancing a sweeping proposal to combat child sexual abuse (CSA), including measures that would let platforms detect, report, and remove material inside private messaging — a move that would require client-side or server-side scanning of encrypted conversations.The EU Regulation to Prevent and Combat Child Sexual Abuse — widely dubbed “Chat Control” — aims to give legal grounds for scanning encrypted channels.

A May 2022 European Commission proposal set risk‑assessment duties for providers. Later Council positions went further, making voluntary detection permanent beyond the April 2026 ePrivacy derogation deadline and categorising services into risk tiers for possible mandatory scans.

Encryption-heavy platforms like WhatsApp and Signal argue these frameworks effectively break E2EE by introducing third‑party access points and widening the surveillance surface for more than 2 billion users.

The background of privacy breach allegations

The legal battle lands amid a background of recurring privacy and data-sharing disputes involving Meta and WhatsApp.

In September 2025, former WhatsApp security head Attaullah Baig alleged roughly 1,500 engineers had unaudited data access in violation of FTC terms, triggering retaliation claims.

Regulators have also intervened. In November 2024, India’s CCI fined WhatsApp $25.4M and blocked data sharing with Meta’s apps for five years.

In July 2024, São Paulo prosecutors sought $311M over forced cross-platform sharing. In May 2025, Meta won $168M from NSO Group over spyware breaches.

These actions mirror GDPR-linked penalties and ongoing EU probes, with Meta consistently denying any breach of encryption.