After purchasing WhatsApp for $19 billion in 2014, Facebook said it would never sell "personally identifiable information" from users or otherwise change the app's privacy policy. Late last month, however, it announced that WhatsApp would share phone numbers, profile data, status messages and more with its parent. That prompted critics in the US like the Electronic Privacy Information Center (EPIC) to accuse it Facebook of "lying" and violating an FTC order.

This is the first time a government regulator has waded into the dispute, though. Caspar said he was concerned that Zuckerberg and Co. could upload users' WhatsApp contacts to Facebook, even if they're not on the social network, a violation of German law. He added that even though Facebook hasn't done that, "[this] is cause for concern that the gravity of the data protection breach will [be even more serious]."

Europe, and Germany especially, have strong privacy laws and frequently clash with Google, Facebook and other tech companies over the issue. Just last year, for instance, German courts ordered Facebook to allow pseudonyms instead of real names, something it has fought for a long time. Following the decree, Facebook told the New York Times that it had complied with European law and was willing to work with the Hamburg commissioner to deal with the issue.