The loophole in WhatsApp's end-to-end encryption is simple: The recipient of any WhatsApp message can flag it. Once flagged, the message is copied on the recipient's device and sent as a separate message to Facebook for review.
That practically applies to every form of digital communication. Sender/recipient has it on their end unencrypted and passes/leaks it on elsewhere
Once a review ticket arrives in WhatsApp's system, it is fed automatically into a "reactive" queue for human contract workers to assess. AI algorithms also feed the ticket into "proactive" queues that process unencrypted metadata—including names and profile images of the user's groups, phone number, device fingerprinting, related Facebook and Instagram accounts, and more.
Just indicating that the steps taken that you mentioned are far beyond what most people would imagine as expected behavior for encrypted messaging software. Assuming your quote was published somewhere, as being about WhatsApp. I might've misunderstood.