In May 2026, the Texas Attorney General filed a lawsuit against Meta and WhatsApp, claiming that the companies misled users about how private and inaccessible WhatsApp communications really were. While Meta representatives maintained that WhatsApp cannot access users’ end-to-end encrypted communications, the Texas' lawsuit argues that Meta allegedly retained broader access to communications than users were led to believe, citing a federal investigation and a whistleblower report to the U.S. Securities and Exchange Commission.
Texas is seeking financial penalties and restrictions on access to Texans’ communications without consent. It should be noted that Meta is already facing a wide range of lawsuits around privacy, biometrics and child safety.
Many users hear terms like “encrypted,” “private,” and “secure” without fully understanding what those terms mean. While the message itself may be encrypted, categories such as metadata, cloud backups and internal review systems have to be kept in mind. Additionally, FISA limits the privacy claims made by tech giants - restrictions are in place whereby communications have to be handed over to the US intelligence agencies when demanded. The heavily-contested Section 702 of the FISA, allowing warrantless surveillance of non-U.S. persons located abroad, was extended till June 12, 2026 by Donald Trump after which a decision will be made on whether FISA should be extended.
Whatever the outcome this recent case, companies should be mindful how they market privacy claims to make sure that users and regulators are on board with the technical limitations surrounding privacy.
