A group of WhatsApp users from multiple countries has filed a class action lawsuit in the United States accusing Meta Platforms and its subsidiary WhatsApp of falsely claiming that users’ messages are protected by end-to-end encryption.
The suit, filed before the US District Court for the Northern District of California, alleges that despite repeated public assurances that “not even WhatsApp” can read user messages, Meta and WhatsApp store, analyse and access the contents of encrypted communications of users worldwide.
"These claims are false. WhatsApp and its parent company, Meta, store, analyze, and can access virtually all of WhatsApp users’ purportedly “private” communications. Senior leadership at Meta has tried over the years to prevent the dissemination of this information by siloing different teams that might be able to piece together the truth and directing them to “stay in [their] own lane[s]," the complaint said.
According to the complaint, WhatsApp has for years marketed itself as offering complete privacy through end-to-end encryption, telling users that messages “stay between you and the people you choose.” These assurances, the plaintiffs say, were reinforced by statements made by Meta CEO Mark Zuckerberg to the US Senate that Facebook systems cannot see WhatsApp message content.
The plaintiffs, however, allege that these representations are “false,” asserting that Meta employees can obtain near-real-time access to WhatsApp messages through internal tools by submitting simple access requests to Meta engineers.
While certain high-profile users such as politicians and celebrities are allegedly subject to heightened monitoring, the complaint states that Meta still retains access to their messages, contradicting its public claims of absolute encryption.
"Some users—such as certain celebrities, politicians, and Meta employees—are afforded special handling by Meta such that access to their encrypted messages is more closely tracked within Meta and WhatsApp. Meta workers still have access to these users’ messages, but their access of the accounts flags the worker for investigation. Even as to these privileged few WhatsApp users, however, Meta and WhatsApp are still misleading them and violating their privacy by storing their supposedly private, end-to-end encrypted, messages," the suit claims.
The plaintiffs allege constitutional privacy violations under Article I, Section 1 of the California Constitution and seek relief for unjust enrichment and statutory larceny.
The proposed class includes WhatsApp users worldwide from April 5, 2016 onwards, excluding users based in the United States and Canada (who are bound by arbitration clauses), the European region and the United Kingdom due to separate jurisdictional terms under WhatsApp’s service agreements
Named plaintiffs include users from Australia, Brazil, India, Mexico and South Africa, who allege their private communications were accessed contrary to WhatsApp’s privacy assurances.
The complaint places the allegations within the broader context of Meta’s history of privacy violations, referencing prior enforcement actions by the US Federal Trade Commission and European data protection regulators.
The plaintiffs argue that WhatsApp’s encryption claims were critical to its global adoption, particularly among journalists, activists and users in authoritarian regimes, for whom privacy of communications can carry severe personal consequences.
The suit seeks damages, injunctive relief and a jury trial, aiming to restrain Meta and WhatsApp from continuing what the plaintiffs describe as "systemic misrepresentation of privacy protections" offered by the messaging platform.
The plaintiffs are represented by Quinn Emanuel Urquhart & Sullivan LLP, Keller Postman LLC and Barnett Legal PLLC.
[Read lawsuit]