Palantir Technologies suspected of privacy issues

Foundation Research Market Information (SOMI) represents European citizens in research into the activities of the American data analysis company. 

This article was published on 16 november 2020 on Emerce.nl in the Netherlands. Please find the English translation below.

Various government and law enforcement agencies in Europe use software from the American data analysis company Palantir. The company has been involved in data scandals several times and has been criticized for its close ties to the US government and intelligence agencies. Neither Palantir, nor any agencies in Europe using it, are willing to share information about the application of the software. The Foundation for Market Information Research (SOMI) is therefore starting an investigation into the activities of Palantir Technologies in the EU and the impact this has on the rights of European citizens.

Call for transparency

The main objective of SOMI is to demand transparency from Palantir and organizations using the service of Palantir, through the company itself or through subcontractors. The public has the right to know how the software works, who uses it, what it was used for and what kind of data has been processed. The purpose of the action is to further investigate Palantir's data processing practices in relation to EU citizens.

The foundation aims to raise awareness about the collaborations between foreign governments and technology companies regarding the use of surveillance and profiling technologies and their impact on the privacy of European citizens. SOMI would especially like to point out the consequences if this happens with software that does not comply with the General Data Protection Regulation (GDPR) - in Europe: GDPR. In addition, the foundation wants to ensure that all European citizens are well protected against intrusive practices by these technology companies and that the integrity of European surveillance operations will not be compromised by non-European entities.

Objections

In practice, Palantir can make criminal investigations more efficient, but the price that may have to be paid for it, both by government agencies and citizens, is too high. SOMI's objections to the use of Palantir software in the European public sector are:

• • It is unclear whether Palantir and/or the organizations using the software adhere to the GDPR requirements
• 
  
• Palantir's software uses “predictive policing,” which clearly violates the presumption of innocence - a fundamental principle of criminal law that states that everyone is innocent until proven otherwise - and several GDPR regulations. Although exceptions are made in the European GDPR for, among other things, national security and the prevention and investigation of crime, the GDPR offers extra protection against the application of practices such as profiling and automated decision-making.
• 
  
• For example:
• Individuals must be informed
  
• Information about how data is used, by which parties and the consequences of the data processing must be provided to individuals. In Europe, this should be done both when the data is collected (notification) and when the individual requests more information (right of access).
• 
  
• Data must be collected, processed and stored securely
  
• In Europe, authorities and law enforcement officials must ensure that appropriate measures are taken to protect the integrity and security of data. They must keep a record of every access and use of personal data, by recording all processing activities or categories of processing activities.
• 
  
• Right not to be subject to automated decision-making
  
• In Europe, individuals have the right not to be subject to a decision when it is based solely on automated processing and when it has an adverse legal effect or significantly affects the individual. The individual must be able to obtain an explanation of the decision and challenge it, and to request human intervention by someone who has the authority and the power to change the decision.
• 
  
• • Palantir software has encountered a variety of problems, including uncovering citizen data.
• 
  
• In the United States, several law enforcement agencies using Palantir have problems with the software. For example, a detective with the Long Beach drug team, which uses the Palantir data analysis system, complained that confidential information had been made available to other departments [5]. Other issues include hard to use software, opaque terms of service, and not responding to issues.
• 
  
• • Palantir's relationship with the US government and intelligence agencies.
• 
  
• Palantir was funded by the CIA through its In-Q-Tel capital fund and has worked with US agencies such as the NSA, FBI, Department of Defense, Immigration and Customs Enforcement, Air Force and Marine Corps. It should come as no surprise that Palantir  is covered by the Foreign Intelligence Surveillance Act (FISA) [6]. This means that any information about non-US citizens that Palantir can access must be shared with US intelligence services if warranted.
• 
  
• • Palantir's work has provided access to a great deal of sensitive data of European citizens and businesses.
• 
  
• Palantir software is designed and implemented to track down terrorists threatening the security of the United States. With this basis, the software also works within the EU. However, unlike commercial technology companies such as Facebook or TikTok, Palantir processes highly sensitive data, such as footage from surveillance cameras, car license plates, and social security numbers. Such information could be used to target or discriminate against citizens, potentially causing serious damage and endangering European national security.
• 
  
• • Palantir's controversial business practices and data ownership dispute.
• 
  
• The company has a history of withholding readable data from its customer [7] once they decide to switch software. Although Palantir claims that the data belongs to its customers, Palantir owns the intellectual rights to the analyzes produced by its software. This makes it more difficult for governments and law enforcement officials to leave the platform.

Palantir's operations in the EU

The coronavirus pandemic appears to be creating new opportunities for Palantir to broaden and deepen its reach in Europe. The UK National Health Service (NHS) has contracted Palantir to support the COVID-19 data center with its “Foundry” software. The company claims that its software can track and analyze the spread of the virus, measure the effectiveness of mitigation strategies and coordinate with local institutions. Palantir is now trying, possibly with success, to negotiate similar agreements in countries such as France, Germany, Austria and Switzerland [8].

It is unclear how successful Palantir has been in Europe so far. However, it is clear that Palantir is targeting high-profile law enforcement and intelligence services in Europe as well, due to its growing client list.

Despite Palantir making an entry in their transparency register with the European Commission, no records appear to have been kept of the Davos meeting between President von der Leyen and the Palantir CEO [9]. Members of the European Parliament are therefore very concerned about the EU's relationship with Palantir and the lack of transparency surrounding this relationship.

SOMI app

SOMI presents the very first GDPR rights application: with the SOMI app, consumers can request an overview of their personal data from companies that collect and maintain their data. The app can then be ordered to withdraw the data or to have it assessed for a violation of the GDPR. In addition, the app offers additional assistance to consumers, such as submitting complaints or initiating collective actions.

Participants in the Palantir Promotion can use the SOMI App to request information from Palantir and/or organizations using Palantir software, in accordance with the GDPR and Freedom of Information Act.

[1] https://www.bfmtv.com/tech/cyberdefense-la-france-peut-elle-couper-les-ponts-avec-palantir_AN-201809290009.html

[2] https://edri.org/our -work / new-legal-framework-for-predictive-policing-in-denmark /

[3] https://digit.site36.net/2020/06/11/europol-uses-palantir/

[4] https://fd.nl/illustration/1359235/geen-belegger-weet-wat-databedrijf-palantir-eigenlijk-doet

[5] https://www.wired.com/story/how-peter-thiels-secretive-data-company -pushed-into-policing/

[6] https://bigbrotherawards.de/en/2019/authorities-administration-hessian-interior-minister-peter-beuth

[7] https://www.brennancenter.org/our-work/analysis-opinion/palantir -contract-dispute-exposes-nypds-lack-transparency

[8] https://www.bloomberg.com/news/articles/2020-04-01/palantir-in-talks-with-germany-france-for-virus -fighting-tool

[9] https://www.euractiv.com/section/data-protection/news/commission-kept-no-records-on-davos-meeting-between-von-der-leyen-and-palantir -ceo /

About SOMI

The Foundation for Market Information Research (SOMI) is a Netherlands-based non-profit organization founded to identify issues of social importance and influence decisions related to these issues. SOMI focuses on the functioning of markets in the field of privacy, the elderly, housing and care.

In 2016 and 2017, SOMI conducted legal and econometric research into cartels by large banks in the Dutch mortgage market. Unique to the promotion was that the participants were also invited to act as knowledge workers (crowdsourcing). The research led to the development of an online calculator that provides insight into the consequences of cartels for individual homeowners.

In addition to alleged violations by Palantir, SOMI is also currently investigating possible violations of the European GDPR by ByteDance's TikTok app and the Zoom Communications video conferencing app.

Click here to read the original article on Emerce.nl (in Dutch)