Introduction: Privacy is one area of great concern today, especially with the growing use of encrypted messaging platforms, in defining relationships in the more digital space. This paper critically examines the privacy policies of WhatsApp against the backdrop of evolving digital surveillance and international data protection frameworks such as the GDPR, CCPA, and LGPD.

Objectives: Evaluate WhatsApp's compliance with global and Indian data protection standards, focusing on cybersecurity threats related to metadata and surveillance, as well as regulatory responses, particularly the Indian Digital Personal Data Protection (DPDP) Act and Rules 2025.

Methods: A qualitative research methodology was used, focusing on policy analysis, case reviews, and regulatory documents. This includes assessing changes in WhatsApp's policy, examining breach incidents, and interpreting legal developments through doctrinal and comparative analysis.

Results: The study findings show that privacy concerns persist despite WhatsApp's end-to-end encryption, due to issues like metadata collection, unencrypted cloud backups, and spyware vulnerabilities. The 2021 policy update faced global backlash, highlighting failures in consent and data transparency. In India, the DPDP Act imposes strict obligations for user consent, breach notifications, and data rights.

Conclusions: The study concludes that while WhatsApp meets encryption expectations, deeper issues persist. To foster digital trust, platforms should focus on user autonomy, transparency, and strong data protection. Regulatory reforms, such as India's DPDP Act, are crucial, but enforcement and public awareness, along with a balance between privacy and national security, must also progress.