Meta’s removal of end-to-end encryption from Instagram direct messages, effective May 8, 2026, raises the question of accountability. The change was disclosed through a quiet help page update. As a privacy feature disappears with minimal public notice, the question of who bears responsibility for this decision deserves examination.
Encryption on Instagram was introduced in 2023 as an opt-in feature following Zuckerberg’s 2019 commitment. The opt-in design limited adoption, and Meta has used this to justify removal. But responsibility for the feature’s failure may lie with the design choices that prevented adoption in the first place.
After May 8, Meta will have access to all Instagram DMs. The company has not been required to justify this decision to its users or to regulators. The accountability gap between the significance of the change and the oversight it has received is striking.
Law enforcement agencies including the FBI, Interpol, and national bodies in Australia and the UK had pushed for this change. Child safety advocates backed their position. Australia reportedly began enforcing the change before the global deadline.
Digital Rights Watch argued that accountability must be demanded at multiple levels. Meta’s leadership should be held responsible for a decision that affects hundreds of millions of users. Regulators should be held responsible for failing to require meaningful oversight of platform privacy decisions. And the broader technology industry should be held responsible for allowing privacy standards to deteriorate without meaningful resistance.