What Digital Sovereignty Looks Like in Germany
On 28 April 2026, 21:03 CET, a short notice appeared in the native Messages app on many iPhones: the Tagesschau breaking-news channel will be shut down on 5 May 2026. Anyone who still wants push alerts from Germany’s main public-service newscast is told to switch to the WhatsApp channel — a service run by Meta.
What is being swapped here is not “SMS for messenger”. It is two very different messenger worlds — and one of them is significantly more problematic from a data-protection perspective than the other.
Which platform is being shut down
The discontinued channel is Apple Messages for Business (AMB), Apple’s B2C messaging service. AMB has been officially available since 2018; Tagesschau and FAZ have been delivering content over it since April 2020. Anyone subscribing to an AMB channel receives the messages directly in the native Messages app on iOS — no extra app, no new account, no separate terms to accept.
AMB is a platform silo: it works exclusively on Apple devices with iMessage active. Anyone on Android never had access to this channel in the first place. So far, so unromantic.
But on data protection, AMB is unusually well positioned — and that is precisely what makes the current migration a case study.
Why this isn’t a wash
Both services encrypt message content end-to-end. The differences lie in the metadata, in how the recipient is identified, and in the overall data-protection assessment of the service.
| Aspect | Apple Messages for Business | WhatsApp (standard Business app) |
|---|---|---|
| Content encryption | end-to-end | end-to-end |
| Metadata at the provider | sharply reduced, not linked for advertising | extensive, inside the Meta corporate group |
| Phone number visible to the sender | optional (anonymous session ID possible) | mandatory |
| Address-book access | not required | requested, with contact matching |
| GDPR fitness | broadly considered compliant in industry assessments | the standard app is critically rated (US servers, address-book matching); only the more expensive Business API is considered legally sound under specific conditions |
In short: a public-law broadcasting institution is shutting down a channel where recipients can hide their phone number from the sender and where only reduced metadata is collected — and is pointing its subscribers exclusively to a channel that requires the mandatory disclosure of the phone number and an address-book sync inside a US corporate group.
Apple good, Meta bad? It’s not that simple
To avoid any misunderstanding: AMB is just as much a platform silo as WhatsApp — it is simply Apple’s silo. Anyone without an iPhone was excluded from this channel from the start. The honest finding is not “Apple good, Meta bad”.
The honest finding is: Tagesschau had a messenger channel with a significantly better privacy profile — and is shutting it down in favor of a markedly more problematic corporate service. Privacy-friendly, platform-neutral alternatives such as the existing Tagesschau app with push notifications, an RSS feed, or an email newsletter are not even mentioned in the shutdown notice. And keeping the more data-frugal AMB channel running in parallel apparently was not even considered.
Anyone who does not want to or cannot maintain a Meta account loses access to this push breaking-news offering via messenger entirely.
The awkward part: this is license-fee money
This is where it gets uncomfortable. ARD and its broadcasting institutions — and therefore Tagesschau — are not private-sector companies. They are institutions under public law, financed through the Rundfunkbeitrag, a license fee that nearly every household in Germany is legally required to pay.
Their statutory mandate is, among other things, to ensure independent basic information coverage — explicitly as a counterweight to commercial interests. When those institutions shut down a more data-frugal channel and steer license-fee payers to a US ad network instead, without prominently naming any platform-neutral alternative, that is not just a product decision. It is a political decision — made with money that belongs to all of us.
And the GDPR?
Here it gets really interesting. Simplified, the GDPR requires:
- a legal basis for any data processing (Art. 6),
- where consent is the basis, freely given consent (Art. 7(4)) — i.e. no coerced agreement,
- data minimization (Art. 5(1)(c)) — only what is necessary,
- for transfers to third countries (e.g. the USA), additional safeguards such as Standard Contractual Clauses, an adequate level of data protection and, where needed, supplementary technical measures.
A public-service institution that redesigns a communications channel in such a way that recipients are effectively forced to use a Meta service if they want to keep receiving push breaking-news must be able to explain:
- The legal basis under which metadata of license-fee payers is being passed to Meta — and whether the consent that has been effectively coerced in this way is even compatible with the principle of freely given consent.
- How shutting down the more data-frugal AMB channel in favor of WhatsApp’s extensive metadata processing is compatible with the principle of data minimization.
- Which WhatsApp variant (standard Business app or WhatsApp Business API) is actually in use — and whether this choice was reviewed and documented from a data-protection perspective.
- How the third-country transfer to the USA is structured in a legally sound way after Schrems II — including the question of what happens when US authorities demand access on the basis of FISA 702 or the Cloud Act.
- What controllership arrangement exists between NDR/ARD-aktuell and Meta for the operation of the WhatsApp channel — in particular whether a joint-controllership agreement under Art. 26 GDPR exists and is publicly available.
- Why no privacy-friendly alternative is offered — for example native push notifications via the existing Tagesschau app, RSS, email, or simply continuing to operate the AMB channel in parallel.
What a GDPR-compliant version of this setup is supposed to look like is — to put it politely — not obvious.
The contradiction with “digital sovereignty”
In Sunday speeches, “digital sovereignty” is one of the favorite terms of the German federal and state governments. The idea: Germany and Europe should free themselves from dependence on non-European tech corporations, keep critical infrastructure in their own hands, build their own platforms.
In practice, digital sovereignty looks like this: an institution funded 100 % by license fees shuts down the more data-frugal channel of one US corporation and refers the paying population to a product made by another US corporation — one whose data-processing practices have been the subject of European data-protection disputes for years. The public sector is actively reinforcing the platform economy whose dominance it complains about elsewhere — and is doing so by deliberately picking the more problematic of the two available platforms.
This is not a technical detail. This is a structural problem.
I have asked
I have sent inquiries to the relevant offices:
- the broadcasting data protection officer of NDR,
- the joint broadcasting data protection officer of the remaining ARD institutions,
- the Federal Commissioner for Data Protection and Freedom of Information (BfDI).
A brief legal clarification: jurisdiction over NDR and Tagesschau primarily lies with the broadcasting data protection officers — broadcasting institutions have their own supervisory bodies. I have included the BfDI anyway, because the Federal Commissioner can very well speak to the third-country-transfer problem (USA) and to the role-model function of public-service institutions — even if formal jurisdiction over the case itself lies elsewhere.
I will publish the answers here as they come in.
Conclusion
When, of all institutions, the Tagesschau — funded through general public levies — gives up a more data-frugal messenger channel in favor of a markedly more problematic US corporate service, and does not even mention platform-neutral alternatives, this is more than a technical migration. It is a case study in how far the rhetoric of digital sovereignty in Germany diverges from the actual everyday practice of the country’s public broadcasters.
The answer cannot be “but everyone uses WhatsApp”. That argument is precisely the mechanism by which platform monopolies get cemented — and hearing it from a public-service institution is, at the very least, irritating.
Update to follow once responses from the data protection authorities arrive.
