Specifically, the privacy group says it's planning to file a complaint against the companies for violating statues of the Federal Trade Commission act that warns against "unfair or deceptive acts or practices." Here, EPIC is accusing WhatsApp of lying to users when it promised its 2014 sale to Facebook wouldn't effect its privacy policy -- which pledged never to share or sell "personally identifiable information" like the phone number, name and profile data shared under the new policy.

WhatsApp says it needs to share limited data with Facebook to test out new features designed to help users "communicate with business," such as receiving fraud notifications from a bank or flight delays from airline companies. WhatsApp also maintains that all messages will still be completely encrypted, and unreadable by both Facebook and WhatsApp staff.

Users also have up to 30 days to opt-out of the sharing portion of the new terms-of-service, but according to EPIC, that doesn't protect the companies from the FTC's consent order. The order apparently requires the company to obtain an opt-in consent before asking them to agree to the new terms. WhatsApp does technically offer an opt-in option, but it's not clear how to access it: one must click "read" to view the terms-of-service agreement before the opt-in checkbox appears.

It may sound like privacy groups are splitting hairs, but how user data is handled can have unforeseen legal consequences. It's not just special interest groups who are concerned -- The United Kingdom's Information Commissioner is also investigating the WhatsApp policy change to ensure it complies with the Data Protection Act. It's a complicated little mess, but Facebook, at least, is confident it's on the right side of the law. "WhatsApp complies with applicable laws," a spokesperson said in a Motherboard interview. "As always, we consider our obligations when designing updates like this."