Meta’s removal of end-to-end encryption from Instagram direct messages, effective May 8, 2026, raises a fundamental question about user consent. The change was disclosed through a quiet help page update. Users who had chosen to enable encryption on their accounts made a deliberate privacy decision. That decision is now being overridden without their input.
Encryption on Instagram was introduced in 2023 as an opt-in feature following Zuckerberg’s 2019 commitment. Users who activated the feature did so knowingly, choosing an enhanced privacy setting. Meta’s removal of the feature reverses that choice without asking users whether they agree.
After May 8, users who had enabled encryption will find that their privacy setting has been changed against their preference. The principle of consent — that users should be able to make informed choices about how their data is handled — is not being respected in this case. This is a significant concern from a data rights perspective.
Law enforcement agencies including the FBI, Interpol, and national bodies in Australia and the UK had pushed for this change. Child safety advocates backed their position. Australia reportedly saw the feature deactivated before the official global deadline.
Digital rights advocates argue that the consent issue is as important as the privacy issue. Tom Sulston of Digital Rights Watch maintained that users who chose encryption made a contract with the platform. Removing encryption without their consent is, in his view, a breach of that contract. He and others are calling for regulatory frameworks that would protect user privacy settings from being unilaterally changed by platforms.
