Meta is preparing to introduce a major change to how it collects and uses user data, one that will give the company access to private conversations—including direct messages and chats with Meta’s AI—across its family of apps. The update, which arrives with no toggle or opt-out option, has raised alarm among privacy advocates who fear the company is moving toward an unprecedented level of surveillance over everyday digital communication.
Under Meta’s revised privacy terms, the company plans to expand the category of information it can access to include “activity and information that you provide,” a description that explicitly covers private message content. Meta has framed the change as part of its broader effort to improve personalization, build more responsive AI products, and refine advertising tools. Critics, however, view it as a dramatic shift that could reshape user expectations around privacy on some of the world’s most widely used platforms.
Global rollout begins mid-December, but Europe will wait until March
According to industry reporting, the new policy begins on December 16, 2025, for most of the world. Users in the EU and UK, which operate under some of the strongest privacy laws globally, will see the change take effect later—reportedly around March 4, 2026, pending regulatory review.
PC World Magazine, which closely tracks technology and privacy trends, noted that the collected data will feed directly into Meta’s AI and advertising systems. The policy gives users effectively two choices: continue using Meta products and accept the new data practices, or stop using them entirely.
This lack of a meaningful consent option is expected to be a major flashpoint in the privacy debate that has already begun to unfold.
WhatsApp users face the most uncertainty
While the changes affect Facebook, Instagram, and WhatsApp, the implications for WhatsApp stand out. The messaging app, long marketed as a platform for private and encrypted communication, provides no option to disable its AI integration. That means its billions of users may soon have portions of their conversations analyzed to train Meta’s AI models and personalize services.
Meta says its end-to-end encryption remains intact and that no external party can intercept messages. But the company’s updated terms confirm that user-provided content—including messages and AI interactions—can still be stored and processed in ways that raise concerns about long-term data retention and internal access.
Privacy experts warn that broad internal access to message content could undermine years of public messaging about WhatsApp’s commitment to secure communication.
Longstanding fears about message monitoring resurface
Meta’s policy shift comes at a time when skepticism toward digital privacy claims is already high. Over the last several years, Meta has been known to provide real-time or near real-time user data to authorities in certain countries. While the company has historically said this does not include the content of private messages, several independent investigations suggest message-level data has been accessed indirectly through spyware or third-party tools.
A particularly troubling example surfaced through reporting by Israel’s 972 Magazine and the group Tech for Palestine, which documented how an Israeli military system known as Lavender allegedly used WhatsApp metadata to identify individuals in Gaza for targeting. According to their findings, something as simple as being in a group chat with another individual already marked by the system could contribute to someone being flagged.
The case raised a global alarm about how message platforms—even those that advertise high security—can play a role in real-world harm when data is accessed or exploited.
High-profile surveillance incidents deepen worries
WhatsApp was also central in the events leading up to the murder of journalist Jamal Khashoggi, whose family’s device was compromised through the Pegasus spyware tool. The Pegasus system, developed by Israeli company NSO Group, has been linked to monitoring operations against activists, journalists, political opposition figures, and even government officials across several countries.
These repeated incidents form a backdrop to today’s concerns, leaving many users questioning whether Meta’s expanded data-collection plans could unintentionally increase the risk of private communications being exposed or misused—even if that is not the company’s stated intention.
Meta denies wrongdoing but faces a lawsuit from its former security chief
Meta insists that it does not maintain backdoors in its products and that it is not actively reading user messages. Despite this, the company is currently facing a notable lawsuit filed by its former head of security, Attaullah Baig, who claims Meta allowed thousands of engineers to freely access sensitive user information. Baig alleges that Meta ignored multiple internal warnings about serious vulnerabilities and that he was dismissed for raising concerns.
The lawsuit also claims Meta has not effectively stopped the hacking of more than 100,000 user accounts per day, an accusation the company strongly denies. Still, the legal battle raises questions about how well Meta can safeguard the additional data it now plans to collect.
Privacy concerns extend beyond Meta as spyware reports grow
The broader digital privacy environment is also becoming more troubled. The rights organization SMEX recently revealed that Samsung mid-range smartphones sold in several regions come with pre-installed spyware that cannot be removed, reportedly sourced from Israeli firms. The development has added even more urgency to discussions about device-level security and surveillance risks.
Collectively, these issues paint a picture of a global digital landscape where personal data is increasingly difficult to protect, even for cautious users.
