It is technically illegal, because the app is uploading all data from the phone book of a smartphone (names, phone numbers, email addresses, birthday dates, post addresses, etc.), but Meta argued that the data isn't saved directly, all get an unique identifier, which is necessary so the app can work. But collecting data from people (who don't even use WhatsApp) and didn't agree to it, is illegal in the EU and only replacing a unique number with another unique number doesn't make a person anonymous. It's still an identifier.
That's why I wrote technically, because WhatsApp is still around and Meta might have found a loophole, otherwise a lot of countries couldn't use WhatsApp and I think Meta had to invest a lot of money to create or find this loophole.