WhatsApp · WhatsApp Privacy Policy

Contact List Upload Including Non-Users

High severity
Share 𝕏 Share in Share 🔒 PDF

What it is

When you give WhatsApp permission to access your contacts, it uploads and stores the phone numbers of everyone in your address book — including people who have never agreed to WhatsApp's terms.

Consumer impact (what this means for users)

Every person in your phone's contacts list — whether or not they use WhatsApp — may have their phone number uploaded to WhatsApp and Meta's servers without their knowledge or consent, raising significant privacy concerns for non-users.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.
  • Delete Your Data
    Revoke WhatsApp's access to your contacts by going to your phone's Settings, selecting Apps, then WhatsApp, then Permissions, and disabling Contacts access. Note this will prevent WhatsApp from finding new contacts but does not delete already-uploaded data.

Cross-platform context

See how other platforms handle Contact List Upload Including Non-Users and similar clauses.

Compare across platforms →
Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

People who have never signed up for WhatsApp and never agreed to its privacy policy may have their phone numbers collected and stored by Meta simply because someone they know uses WhatsApp.

View original clause language
Address Book. With permission, you access the address book on your device to add contacts and otherwise use our Services. You provide us the phone numbers of WhatsApp users and your other contacts in your mobile phone address book on a regular basis.

Institutional analysis (Compliance & legal intelligence)

1. REGULATORY FRAMEWORK: This provision implicates GDPR Art. 6(1) regarding lawfulness of processing personal data of non-users (third parties who have not consented), Art. 14 (information to be provided where personal data have not been obtained from the data subject), and Art. 5(1)(c) data minimisation principle, enforced by the Irish DPC. It also engages FTC Act Section 5 for collection of data about individuals who have not consented, and potentially CCPA/CPRA for California residents whose data is collected without direct consent. 2.

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

  • FTC
    The FTC has jurisdiction over unfair data collection practices affecting individuals who have not consented to data collection, under FTC Act Section 5.
    File a complaint →

Provision details

Document information
Document
WhatsApp Privacy Policy
Entity
WhatsApp
Document last updated
April 29, 2026
Tracking information
First tracked
April 27, 2026
Last verified
April 27, 2026
Record ID
CA-P-003491
Document ID
CA-D-00176
Evidence Provenance
Source URL
https://www.whatsapp.com/legal/privacy-policy
Wayback Machine
View archived versions →
SHA-256
da3747c89494f5bc1ac42196c98a312f3a8f2653a848eb7d232db53b79597ebe
Verified
✓ Snapshot stored   ✓ Change verified
How to Cite
ConductAtlas Policy Archive
Entity: WhatsApp | Document: WhatsApp Privacy Policy | Record: CA-P-003491
Captured: 2026-04-27 13:47:46 UTC | SHA-256: da3747c89494f5bc…
URL: https://conductatlas.com/platform/whatsapp/whatsapp-privacy-policy/contact-list-upload-including-non-users/
Accessed: May 2, 2026
Classification
Severity
High
Categories
Unknown

Other provisions in this document