Dutch privacy group SOMI is calling for a wide-ranging investigation into the activities of controversial data analytics firm Palantir across the European Union (EU) and wants to raise awareness about European governments’ collaboration with tech companies from outside the EU on surveillance and profiling technology.
The Amsterdam-based Foundation for Market Information Research (Stichting Onderzoek Marktinformatie, or SOMI), is a non-profit organisation that advocates for data privacy and consumer issues in the Netherlands and around Europe.
It says it is taking action because neither Palantir nor the multiple European agencies that use its technology have been willing to share any information about its performance. These bodies are known to include Europol, which has used Palantir’s Gotham software to conduct operations analysis in an anti-terrorism taskforce, as well as the French intelligence services, the Danish national police, state police in Hesse and North Rhine-Westphalia, Germany and, possibly, Dutch police.
In the UK, besides being linked to Cambridge Analytica in the past, Palantir was this year engaged to work alongside Amazon Web Services, Google and Microsoft to construct a data analytics programme for NHSX’s work on Covid-19. More recently, it was awarded oversight of the UK’s post-Brexit border and customs data, while in the US it has worked with US immigration agency ICE, which has itself been implicated in multiple human rights abuses under the Trump regime.
“The strength of Palantir’s approach lies in the ability to combine independent and thus meaningless data in such a way that unexpected connections and insights arise,” said Cor Wijtvliet, co-founder of SOMI.
“But it was precisely this access to all those databases that gradually turned the appreciation and admiration for the work and the software into a mood of mistrust and disapproval.”
SOMI hopes its complaint will benefit European citizens by forcing Palantir and its users to come clean over how citizens’ data is accessed by the company, who uses it, what they use it for, and what data has already been or will be processed. It also hopes to highlight the potential consequences of European agencies engaging with “faulty or non-EU GDPR [General Data Protection Regulation] compliant software”.
It said it believed that the predictive policing methods that Palantir’s software can enable clearly violate the presumption of innocence until proven guilty, and several GDPR regulations. Notably, said SOMI, the GDPR provides safeguards against the application of practices such as profiling and automated decision-making.
SOMI also highlighted Palantir’s close relationships with the US government and intelligence agencies as a source of concern, as well as a lack of transparency over meetings held with European Commission president Ursula von der Leyen at the World Economic Forum in Davos, Switzerland.
“The purpose of SOMI’s public action is to make sure that all European citizens are well protected from random or uncontrollable practices and that the integrity of EU surveillance operations will not be compromised by un(known) non-European entities,” the group said.
More information on the proposed action, including for current EU citizens on how to register to take part, can be found at SOMI’s website, in Dutch and English. The organisation has also developed a GDPR mobile app that consumers can download to make subject access requests for an overview of their personal data.