According to Art. 6 para. 1 FADP, personal data must be processed lawfully. According to Art. 31 FADP, the processing of personal data is only lawful if it is justified by the consent of the data subject, by an overriding private or public interest, or by law*. Art. 31 para. 2 FADP lists examples of such overriding interests. Such an interest may exist in particular if personal data of the contractual partner is processed in direct connection with the conclusion or execution of a contract. However, regarding consent under Art. 31 FADP, I presume that not every processing of personal data is permissible if the data subject agrees to it. Digital platforms such as WhatsApp encourage their users to disclose almost all possible data about themselves, as the benefits of the platform are so great for the data subjects that they would be cut off from their social contacts, for example, if they refused. In addition to the principle of proportionality (s. below), I believe that Art. 27 CC also applies here, whereby the state protects the data subjects from themselves, so to speak. According to this rule, one cannot «surrender one’s freedom», i.e. one cannot «enslave» oneself to third parties.
*The collection and processing of personal data is prohibited without a valid justification. This corresponds to the principle of data protection prohibition with reservation of permission, also known as the prohibition principle, which is applied in the European system (in the USA, the opposite applies; the collection and processing of personal data is generally permitted, unless it is prohibited in specific cases).