Berlin, Germany – A German court has ruled against WhatsApp, prohibiting the transfer of personal data from German users, as well as contact information from non-users, to its parent company, Facebook (now Meta). The ruling, issued by the Berlin Regional Court, centers on the legality of user consent obtained in 2016 regarding data sharing practices. This decision adds to a growing list of legal challenges facing Meta’s data handling policies in Europe, highlighting increasing concerns over user privacy and data security.
The core of the dispute revolves around how WhatsApp sought consent from its users for linking their data with Facebook. The court found that the methods employed – push notifications and website prompts – were insufficiently transparent and did not provide users with a genuinely voluntary choice. Specifically, the court objected to WhatsApp’s practice of requiring users to broadly consent to the transfer of all phone numbers from their address books, even those belonging to individuals who did not leverage WhatsApp. This blanket consent, the court determined, was unlawful.
The case was brought before the court by the Verbraucherzentrale Bundesverband (vzbv), the Federation of German Consumer Organisations, in 2017. While the vzbv welcomed the ruling as a victory for consumer rights, the court did not order WhatsApp to delete data already transferred to Facebook. In other words that while future data transfers based on the contested 2016 consent are prohibited, the existing flow of data remains, at least for now. The ruling underscores the complexities of retroactively addressing data privacy violations.
Background of the Legal Battle
The legal battle between the vzbv and WhatsApp stretches back to 2016, following changes to WhatsApp’s terms and conditions that allowed for greater data sharing with Facebook. The vzbv argued that these changes violated German consumer protection laws, specifically regarding the clarity and comprehensibility of contract terms. German law, rooted in sections 305 ff. Of the German Civil Code, requires standard terms and conditions to be ‘clear and comprehensible’ (as previously ruled by the Berlin Court of Appeals in a 2016 case) and subject to judicial review for fairness. The court had previously determined that terms and conditions available only in English did not meet this standard for German consumers.
This latest ruling builds upon a history of regulatory scrutiny of Meta’s data practices in Germany. In 2016, the Hamburg Data Protection Authority prohibited Facebook from collecting data from German users. More recently, in 2024, the German Federal Cartel Office (Bundeskartellamt) ruled that Meta could not merge personal data from Facebook, WhatsApp, and Instagram without explicit user consent. These decisions demonstrate a consistent effort by German regulators to enforce strict data privacy standards.
Implications for WhatsApp Users and Meta
The Berlin court’s decision has significant implications for both WhatsApp users in Germany and Meta as a company. For users, it reinforces their right to control their personal data and to be informed about how that data is being used. The ruling sends a clear message that companies cannot rely on ambiguous or coercive tactics to obtain consent for data sharing.
For Meta, the ruling represents another setback in its efforts to integrate the data of its various platforms. The company has repeatedly sought to leverage the combined data of Facebook, WhatsApp, and Instagram to improve ad targeting and personalize user experiences. However, these efforts have consistently faced resistance from regulators and privacy advocates across Europe. The court’s decision specifically targets the data transfer to Facebook, potentially hindering Meta’s ability to create a unified user profile across its services.
The Friends Finder Function and Data Protection
The ruling also echoes concerns raised in a separate case concerning Facebook’s “Friends Finder” function. In December 2025, the Berlin Regional Court II ruled that Facebook was not permitted to store data from individuals who were not members of the platform (as reported by LTO). The court found that collecting and storing contact information from non-users without their consent violated data protection principles. This decision further underscores the stringent data privacy standards enforced in Germany.
The Friends Finder function allowed Facebook users to upload their contact lists to identify friends who were also on the platform. While users could delete this data, the court deemed the initial collection and storage of non-users’ data unlawful. The court’s concern stemmed from the fact that individuals who were not Facebook members had no control over how their data was being used.
Next Steps and Potential Appeals
The current ruling is not yet final and can be appealed by both WhatsApp and the vzbv. If appealed, the case will likely be heard by the Berlin Court of Appeals. The outcome of any appeal could significantly impact the future of data sharing practices between WhatsApp and Facebook in Germany.
Meta has not yet publicly commented on its plans to appeal the decision. However, given the company’s history of challenging data privacy regulations, an appeal is likely. The vzbv, is expected to push for a broader ruling that would compel WhatsApp to delete all data already transferred to Facebook based on the contested 2016 consent.
Broader European Context
This case is part of a larger trend of increased regulatory scrutiny of considerable tech companies’ data practices in Europe. The General Data Protection Regulation (GDPR), which came into effect in 2018, has significantly strengthened data privacy rights for individuals across the European Union. Regulators across Europe are actively enforcing the GDPR, imposing hefty fines on companies that violate its provisions.
The German court’s ruling against WhatsApp is a clear indication that European regulators are taking a firm stance on data privacy and are willing to challenge even the largest tech companies to ensure compliance with the law. This decision is likely to have a ripple effect, encouraging other regulators to take similar action against companies that engage in questionable data sharing practices.
Key Takeaways:
- The Berlin Regional Court has prohibited WhatsApp from transferring personal data to Facebook based on user consent obtained in 2016.
- The court found that WhatsApp’s methods of obtaining consent were not sufficiently transparent or voluntary.
- The ruling does not require WhatsApp to delete data already transferred to Facebook.
- The decision is part of a broader trend of increased regulatory scrutiny of big tech companies’ data practices in Europe.
- Both WhatsApp and the vzbv have the right to appeal the ruling.
The legal landscape surrounding data privacy is constantly evolving. Users should remain vigilant about their data rights and carefully review the privacy policies of the services they use. The next step in this case will be determined by whether either party chooses to appeal the Berlin Regional Court’s decision. We will continue to monitor this story and provide updates as they become available. Share your thoughts on this ruling in the comments below.