In recent years, controversial US big data analytics company Palantir has gained ground in European agencies and their data infrastructure. This reflects a larger naiveté within European politics towards foreign tech companies and an imbalance in EU-US relations. Not only should Palantir be kept out of our institutions and security fabric, it is high time for the EU to gain more strategic technological independence, so that it may defend and assert its status as the last bastion of privacy.
Tech companies are not neutral, not even the supposedly ‘friendly’ ones. Founders and key engineers instil their products with a set of values, ethics, and philosophy. From the ubiquitous desktop design we find on personal computers to the addictiveness of like-buttons, it all flows from deliberate choices made with a certain worldview in mind. Digitally illiterate policy makers have glossed over this fact for many years, as they brought major tech companies into our governments, our societies, and even our children’s classrooms. Companies such as Google/Alphabet, Microsoft, Apple, and Facebook have a foothold in most European governments in the same way they obtained footholds in our private lives through our personal devices. These household names are subject at least to a degree of critical scrutiny, however many other companies are not known to the wider public.
Palantir is creeping into Europe
One company that is certainly not neutral — and should be kept out of our private lives and our European institutions — is US-based tech firm Palantir. It is one of Silicon Valley’s most controversial private technology firms, specialising in providing big data analytics software to government and corporate entities alike. Palantir’s fingerprints were all over the Cambridge Analytica scandal, which prompted the #deletefacebook movement. Its co-founder, Peter Thiel, is a tech-billionaire, who also happens to be the founder of Paypal and Facebook’s first investor. He pursues a strongly right-wing political agenda, not least as a sponsor of the 2016 Trump campaign. More importantly, Palantir is not only helping notorious immigration agency ICE deport immigrants, it also works for American security and intelligence agencies such as the NSA and CIA, aiding the former in spying on the whole world as Edward Snowden revealed. This is where European politicians should draw the line. A democratically legitimated body, whether it be national governments or the European Commission, should not facilitate surveillance of European citizens by foreign security services.
Yet, the name Palantir pops up frequently in Brussels. Even though the Commission initially denied that Palantir was involved in any way in the domain of Justice and Home Affairs, information has come out about a ‘pull-aside’ encounter in Davos with Commission President Von der Leyen (about which no notes were kept), planned meetings with high EU civil servants, and Palantir’s cooperation with Europol.
This reflects a larger naiveté within European politics towards tech companies and the application of digital services. A naiveté we should ditch as soon as possible.
A company with Palantir’s track record should not be considered as a partner for any EU-wide project, and the European Commission knows it. This secretive corporation is at odds with the European values many EU-citizens hold dear, such as privacy, civil liberties, and transparency of government — not to mention the strategic implications of cooperating with an American intelligence contractor.
Various European actors diverge on their willingness to accommodate and incorporate Palantir into their infrastructure. While Germany, France, and Austria chose to develop their corona tracing apps without the services of Palantir (after initial talks were held), the UK has invited the company into its health care system. The European Commission still seems to sit somewhere in the middle. It must make a clear choice to go down the path of maximum privacy and maximum transparency.
What we know about Palantir’s involvement in the EU
Governments and the Commission are not generous in sharing information on their connections with Palantir. This should come as no surprise, given the relatively long-standing relationship between Brussels and Palantir. There is a paper trail that doesn’t require a high-powered algorithm to find. Europol has been using Palantir’s “Gotham” software to analyse big data in the field of counter-terrorism since at least 2016. Furthermore, it has had an indirect working relationship with Palantir since 2012 as sub-contracted through Dutch IT consulting company Capgemini. The European aviation agency EASA is also using Palantir software, which it purchased for 15 Million Euros from the company’s British subsidiary. Also, various police forces in EU member states are using or have shown interest in “Gotham”.
In the meantime, European institutions and Palantir have developed a closer professional relationship as well. This is true not only with regards to a revolving door for human resources — at least one senior analyst left Europol to spend one and a half years at Palantir before returning to Europol as a data protection specialist — but also consultation privileges; only recently, high-ranking Commission officials went to D.C., spoke with Palantir, and stayed for a presentation, while the Commission’s president Ursula von der Leyen spoke with Palantir CEO Alex Karp in Davos off the record. The high-level access this one US company enjoys, and its involvement in sensitive areas such as policing and aviation, are under scrutiny now. This scrutiny is warranted, but it remains inconsequential if it does not prompt a larger discussion on transatlantic interconnectedness.
The larger picture of US-EU relations
The US federal government has proven better at asserting the political influence that flows from its economic relationship with the EU than vice versa. It is good at navigating the scattered layers of government that make up the European Union, and it is not afraid to throw around its weight; especially when it wants concessions pertaining to sharing private citizens’ data.
The sad fact is that too often the American federal government succeeds in getting from the EU what it wants in this area. In part because of US pressure, Europeans now have all their passenger name records stored for law enforcement access, and our passports carry our fingerprints providing fake security, (considering that many Member States cannot even read these fingerprints). Just this past month, Brussels became the second European airport (after Dublin) where US customs and immigration checks will be performed for flights going to the US. These border controls by a foreign authority on EU territory are a far-reaching step and they come without any form of reciprocity.
Also with regards to data sharing, the European Commission negotiated successive agreements — to govern the flow of data generated by European users on American platforms, such as Facebook or Instagram — which were deemed too weak by the European Parliament. In the controversy surrounding Safe Harbour, and its successor, the EU-US Privacy Shield, the question of whether the schemes left open a backdoor for US authorities was never properly addressed by the European Commission. Curiously enough, the Commission chose to all but argue the American side of the case. It was the European Court of Justice, which stepped in on behalf of European citizens as recently as this summer with the second “Schrems ruling”. In doing so, it clearly stated for the second time that our data is not sufficiently protected once it crosses the Atlantic.
The EU’s blind trust in the United States must therefore be thrown out the window. Suspicion of China — an authoritarian state with an increasingly aggressive posture — comes more natural to Europeans than suspicion of the US, a traditional ally. Yet, this is not about suspicion — it is about recognising two things: First, that it is not in Europe’s interest to sell off our privacy when it comes under a bit of pressure from the US. Second, that Europe’s and the United States’ interests have diverged over time.
Of course, the United States and Europe have been staunch allies for decades and will remain so, but the time has come to be mindful of what is at stake here. Europe has become the last bastion for many free and democratic values, including privacy. Preserving that status or even carving out a bigger space in the world in which those values can thrive, requires a much higher degree of independence or sovereignty. Establishing an equal relationship with the US is of utmost importance. The reality is that Europe is still unable to find its place on the world stage and its ability to exert regulatory power is waning. Finally changing that has to start with acting in accordance with our own values, enforcing GDPR rules, and taking a tougher stance towards the American surveillance state. Especially when it comes to that most sensitive of areas: domestic security.
Economic ties are never neatly separated from governmental and political ties and there will always be grey areas. But when it comes to the individual rights of EU citizens, the boundaries between black and white must be more absolute. Given Palantir’s ties with American security agencies, this company falls squarely out of the grey area.
Conclusion
The European Union is overly reliant on foreign companies for digital services, both on the government and the consumer level. This reliance cannot be fixed overnight. It is however high time to make choices that at least steer the EU towards more strategic independence. Companies that don’t fall within the EU’s jurisdiction cannot be involved with matters of domestic security. This must be particularly true for companies that have strong ties to American security services, as is the case with Palantir. If the EU or its Member States feel like they are dependent on a problematic company like Palantir, then that is a telltale sign of an addiction to US tech corporations and their position on privacy. Let’s kick the habit and make choices in line with our values and geopolitical ambition.
Thanks a lot, Sophie!
One of the biggest tech firms we’ve never heard of! I had a chance meeting with one of their employees yesterday and after chatting with him wanted to know more. Your article answers my suspicions! Thank you.
Great article!
Thank goodness we’ve left the EU, an inward looking sinking ship! lol!
Great article. Wish I’d come across it sooner.
Keep up the great work!
“The UK has invited the company into its health care system”.
Leaving the EU is not enough. The UK health system covers everyone from birth to grave, so you are all already registered with Palantir!
Thank you Ms In ‘t Veld for hitting the nail on the head with such a clear statement.
From Palantir to social networks and messaging systems, it is indeed appalling how both the citizens and their representatives (who should be more informed) have been giving up our privacy to foreign private companies over the past two decades.
I hope you manage to influence more and more people, we need this kind of wit, analysis skills and courage to shape a better future. Please keep up the hard but excellent work. Best wishes.
Thank you for this information.
You bring it to the point how the EU have to act!