Palantir is Embedding Itself in Australia: What Does This Mean for Your Privacy?

Palantir Technologies, a USA data analytics company with origins in counter-terrorism efforts, is increasingly establishing a significant presence in Australia, integrating its powerful platforms into both government and private sector operations. While the company promises enhanced efficiency and decision-making through its ability to integrate vast and disparate datasets, its track record globally and its growing footprint here raise serious concerns about the potential risks to the privacy and security of personal information belonging to Australians.

What is Palantir and Why the Concern?

Founded in the wake of 9/11, Palantir initially focused on supporting US intelligence services. The company sells data integration and analytics platforms, primarily Gotham and Foundry. Early investment from the CIA's seed funding program foreshadowed their frequent use by national security, defence, and law enforcement agencies. However, Palantir's capabilities, designed for high-stakes national security, are adaptable to other contexts like tracking immigrants or predictive policing. This "dual-use nature" facilitates "mission creep," where data collected for one purpose might be repurposed without the individual's consent.

Globally, Palantir has faced significant criticism. Amnesty International has accused the company of involvement in "serious human rights abuses". Concerns include reported work with US Immigration and Customs Enforcement (ICE) under the Trump administration, which critics claim facilitated deportations. The company's technology has also been used in controversial "predictive policing" initiatives, attempting to forecast and prevent criminal activity.

Palantir's Growing Presence Down Under

Palantir's Australian operations began in 2011 to serve the Five Eyes intelligence alliance. However, its reach has expanded significantly. Palantir holds contracts with several Australian government departments and agencies, including the Department of Defence, Australian Signals Directorate, AUSTRAC, and the Department of Veterans' Affairs. The Australian Defence Force is using Palantir's Vantage system to assess "Force Readiness" by integrating various types of data, including logistics, personnel, financial, equipment, and risk data.

Beyond government, Palantir has secured contracts with major Australian corporations like Coles, Rio Tinto, and Westrac. Coles, for example, is using Palantir's Foundry platform for its workforce strategy and integrated supply chain functions, meaning workforce data for 120,000 Australians is processed through Palantir's systems.

Perhaps one of the most concerning examples in Australia occurred in 2020, when the Victorian government passed COVID mobility data to the Australian Criminal Intelligence Commission for potential analysis using Palantir's program to identify mystery cases for contact tracing. This highlights how data collected for a public health purpose can be potentially repurposed for intelligence analysis.

Potential Risks and Threats for Australian Data

Given Palantir's capabilities and global history, its presence in Australia brings several potential privacy and security risks:

Comprehensive Profiling and Surveillance: Palantir's core function is integrating vast, disparate datasets. This capability, combined with its presence in Australian government and private sector entities, poses a risk of creating detailed profiles of Australians by linking information across various domains of their lives. While the intention might be efficiency or fraud detection, the potential for extensive surveillance is inherent. Reports about ambitions to create a "master database on every American" using Palantir illustrate this risk on a national scale.

Mission Creep and Data Repurposing: Data collected for a specific, seemingly benign purpose (like COVID tracing or workforce management) could potentially be used for other objectives without clear consent or legal basis.

Algorithmic Bias and Discrimination: Palantir's platforms use AI for analysis. If the data used to train these algorithms reflects existing societal biases, such as historical discrimination, the system could perpetuate and amplify these biases, potentially leading to discriminatory outcomes for specific groups within Australia. Australia's own AI Ethics Principles emphasize the importance of fairness and non-discrimination.

Lack of Transparency and Accountability: Palantir has a reputation for being secretive, often using non-disclosure agreements in its contracts. This opacity makes it difficult for the public and potentially even oversight bodies to understand what data is being processed, how it's being used, and whether safeguards are effective. The "black box" nature of advanced AI systems exacerbates this.

Data Sovereignty Concerns: As a US-based company, Australian data processed by Palantir could potentially be accessed by US authorities under American surveillance laws.

Access Control Vulnerabilities: While Palantir promotes robust access controls, investigations have reportedly found that these are not always properly applied in practice, especially in law enforcement contexts. This raises concerns about who might have access to sensitive Australian data and for what purposes.

Data Breach Risks: Despite Palantir's stated security protocols, complex data ecosystems are never entirely immune to vulnerabilities. Given the volume and sensitivity of data Palantir handles for government and large companies, a breach could expose vast amounts of personal information of Australians. The existing public concern about data breaches in Australia underscores this heightened risk.

Questionable Corporate Practices: A confirmed incident involving NHS England saw Palantir investigated for allegedly violating contract terms by conducting a covert influencer campaign targeting critics, demonstrating a potential corporate culture issue that prioritizes business over transparent and ethical data handling.

What Information Might Be Accessible?

Based on Palantir's operations and clients in Australia and the types of data it's known to handle globally, the information potentially accessible could be extensive and sensitive:

- COVID mobility data (as seen in the Victorian example).
- Detailed military personnel records, logistics, financial, equipment, and risk data from the Department of Defence.
- Comprehensive workforce data for 120,000 Coles employees.
- Data handled by agencies like AUSTRAC and the Department of Veterans' Affairs.
- Information that, if integrated, could create detailed profiles including nationality, information from applications (like asylum), racial or ethnic origin, political opinions, beliefs, trade union membership, sex life or sexual orientation, and criminal history, similar to concerns raised elsewhere.
- In a scenario mirroring the US ambition, data from various government sources potentially including tax returns, employment status, immigration status, and family details could theoretically be linked.

Are Australian Laws Enough?

Australia has the federal Privacy Act 1988 and its Australian Privacy Principles (APPs), enforced by the OAIC, which set standards for handling personal information. Recent amendments aim to strengthen protections. However, public sentiment in Australia shows a mix of resignation and concern about data sharing, with many feeling they have limited control and that breaches are inevitable. The introduction of powerful platforms like Palantir, with its history of privacy controversies and opacity, makes this context particularly sensitive.

Legal compliance alone may not be sufficient. The OAIC recommends caution with AI involving personal data, and the Australian Parliament has raised concerns about AI for public sector surveillance and the need for international cooperation on AI risks.

Experts and reports recommend actions like mandatory, independent Human Rights and Privacy Impact Assessments for government contracts involving such platforms, increased legislative oversight, policies to address algorithmic bias, and a review of whether the "data processor" distinction adequately captures the ethical responsibilities of companies like Palantir. Public education on data privacy risks is also crucial.

What Can Australians Do?

While Palantir's technology offers powerful capabilities, its potential for misuse and the erosion of privacy and civil liberties are significant concerns highlighted by its global operations. As Palantir embeds itself deeper into Australian systems, it's crucial for citizens to be aware, demand transparency from government agencies and corporations using these platforms, and advocate for strong oversight and legal protections that go beyond technical compliance to address the broader ethical and human rights implications. We cannot afford to become complacent about who holds our data and how they use it.

Possible referrals should be made by the public etc to the Office of the Australian Information Commissioner (OAIC)?

Here’s just one example of online information available about this corporation and some concerns etc:

Sources:

• https://www.businessinsider.com/what-palantir-name-means-lord-of-the-rings-peter-thiel-2020-7?r=US&IR=T

• https://theintercept.com/2017/03/02/palantir-provides-the-engine-for-donald-trumps-deportation-machine/

• https://mijente.net/wp-content/uploads/2018/10/WHO%E2%80%99S-BEHIND-ICE_-The-Tech-and-Data-Companies-Fueling-Deportations-_v1.pdf

• https://www.whatdotheyknow.com/request/data_processing_by_palantir_for

• https://members.parliament.uk/member/3608/registeredinterests

• https://twentyessex.com/people/daniel-bethlehem/

• https://www.gov.uk/government/publications/home-office-business-appointment-rules-advice/home-office-business-appointment-rules-advice-october-to-december-2019

• https://notechfortyrants.org/2020/10/22/whos-behind-palantir-uk-feat-what-are-they-doing-on-your-campus-report-supplement/

• https://www.palantir.com/palantir-gotham/

• https://www.vice.com/en_us/article/9kx4z8/revealed-this-is-palantirs-top-secret-user-manual-for-cops

• https://www.palantir.com/palantir-foundry/

• https://www.palantir.com/build/files/An%20Open%20Technology%20Solution.pdf

• https://www.scribd.com/document/418918675/Palantir-Foundry-Booklet-2

• https://ctovision.com/an-interview-with-robert-fink-architect-of-foundry-palantirs-open-data-platform-part-one-open-data-architectures

• https://ctovision.com/the-titan-release-of-palantir-gotham/

• https://www.digitalmarketplace.service.gov.uk/g-cloud/services/660200105725744

• https://www.digitalmarketplace.service.gov.uk/g-cloud/services/501000199851013

• https://www.palantir.com/philanthropy-engineering/annual-report/2017/c4ads.html

• https://ctovision.com/an-interview-with-robert-fink-architect-of-foundry-palantirs-open-data-platform-part-three-open-development-environments/

• https://www.sec.gov/Archives/edgar/data/1321655/000119312520248369/d904406ds1a.htm#rom904406_14

• https://privacyinternational.org/long-read/3751/sort-trust-verify-palantir-responds-questions-about-its-work-nhs

• https://tech.newstatesman.com/coronavirus/palantir-nhs-datastore-contract-extension

• https://www.opendemocracy.net/en/under-pressure-uk-government-releases-nhs-covid-data-deals-big-tech/

• https://www.contractsfinder.service.gov.uk/Notice/c66036ee-a63e-4452-bafe-2410e9b51587?origin=SearchResults&p=1

• https://www.england.nhs.uk/publication/data-protection-impact-assessment-nhs-covid-19-data-store/

• https://www.foiaonline.gov/foiaonline/action/public/submissionDetails?trackingNumber=DON-NAVY-2019-009066&type=request

• https://assets.digitalmarketplace.service.gov.uk/g-cloud-11/documents/92736/660200105725744-terms-and-conditions-2019-05-22-1447.pdf

• https://assets.digitalmarketplace.service.gov.uk/g-cloud-11/documents/92736/501000199851013-terms-and-conditions-2019-05-22-1449.pdf

• https://www.brennancenter.org/our-work/research-reports/predictive-policing-explained

• https://theintercept.com/2018/05/11/predictive-policing-surveillance-los-angeles/

• https://thenextweb.com/artificial-intelligence/2018/06/01/google-announces-it-wont-renew-military-ai-contract/

• https://thenextweb.com/artificial-intelligence/2019/12/11/report-palantir-took-over-project-maven-the-military-ai-program-too-unethical-for-google/

• https://freiheitsrechte.org/pm-vb-hessen/

• https://euobserver.com/justice/139277

• http://privacyinternational.org/news-analysis/2712/one-uns-largest-aid-programmes-just-signed-deal-cia-backed-data-monolith

• https://www.palantir.com/2012/11/announcing-the-palantir-council-on-privacy-and-civil-liberties/

• https://au.gradconnection.com/employers/palantir-technologies/privacy-civil-liberties/

• https://publications.parliament.uk/pa/jt201617/jtselect/jtrights/443/44307.htm

• https://petition.parliament.uk/petitions/332714

• privacyinternational.org

• notechfortyrants.org

• notechfortyrants.org/contact

• nola.com

• nolaforlife.org

• amnestyusa.org

• www.creativecommons.org

• onetrust.com

• dataguidance.com

• millsoakley.com.au

• www.oaic.gov.au

• oaic.gov.au

• oaic.gov.au/pia-tool

• ollama.com

• https://journals.sagepub.com/doi/10.1177/20539517241255108

• https://www.upguard.com/security-report/palantir-technologies

• https://privacyinternational.org/sites/default/files/2021-11/All%20roads%20lead%20to%20Palantir%20with%20Palantir%20response%20v3.pdf

• https://bronson.ai/resources/security-and-privacy-on-palantir-best-practices/

https://twitter.com/PalantirTech/status/1797761910753300736

• sPD.co.il

• https://thinkinsights.net/digital/palantir-business-model

• https://www.palantir.com/assets/xrfr7uokpv1b/3w1i0rBIS4i5BGWHZ0om4m/46decd45f7efe1612924d609223a8c0b/Company_Overview__USG_.pdf

• https://www.trs.com.cn/en/ABOUTUS/news/202503/t20250314_10517.html

• https://www.palantir.com/pcl/

• https://www.palantir.com/offerings/intelligence/

• https://mashable.com/article/what-is-palantir-trump-data-collection-database

• https://www.moomoo.com/news/post/53820492/palantir-ceo-alex-karp-says-you-can-have-a-great

• https://platform.softwareone.com/product/palantir-gotham/PCP-0013-5008

• https://www.applytosupply.digitalmarketplace.service.gov.uk/g-cloud/services/801146272055049

• https://www.palantir.com/assets/xrfr7uokpv1b/54mwrnjeu6Y55Lj24RS1Sx/2e2b7b7b4fe2f0ad9ee6a95e976c03c6/FfB_Technical_Overview_v4.pdf

• https://palantir.com/docs/foundry/data-integration/datasets/

• https://www.israelhayom.com/2025/06/03/palantir-slams-report-says-it-never-collects-data-to-unlawfully-surveil-americans/

• https://stackoverflow.com/questions/79458859/palantir-foundry-archiving-and-versioning-big-data

• https://www.palantir.com/platforms/aip/defense/

• https://www.business-humanrights.org/en/latest-news/palantir-claims-applying-generative-ai-to-

• https://www.industry.gov.au/publications/australias-artificial-intelligence-ethics-principles/australias-ai-ethics-principles

• https://bylinetimes.com/2025/05/07/palantir-nhs-confederation-expo/

• https://www.gitguardian.com/remediation/palantir-jwt

• https://www.reddit.com/r/PLTR/comments/1hczd2e/palantir_awarded_43_million_6_month_cont

• https://www.reddit.com/r/PLTR/comments/1gfei21/palantir_technologies_awarded_715_million_3year/

• https://www.australiandefence.com.au/podcasts/adm-podcast-107-palantir-s-vantage-using-ai-and-live-data-to-assess-force-readiness

• https://www.ag.gov.au/rights-and-protections/privacy

• https://www.oaic.gov.au/privacy/privacy-legislation/the-privacy-act

• https://www.dlapiperdataprotection.com/index.html?t=law&c=AU

• https://www.reddit.com/r/AskAnAustralian/comments/1i1ph4b/how_do_australians_feel_about_their_personal_data/

• https://www.finance.gov.au/sites/default/files/2022-10/australian-data-strategy.pdf

• https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/guidance-on-privacy-and-use-of-commercially-available-ai-products

• https://www.aph.gov.au/Parliamentary_Business/Committees/Joint/Public_Accounts_and_Audit/PublicsectoruseofAI/Report

• https://www.privateinternetaccess.com/blog/privacy-issues-palantirs-move-law-enforcement-tackle/

• https://palantir.com/docs/foundry/security/overview/

• https://goodlawproject.org/nhs-to-investigate-palantir-influencer-campaign-as-possible-contract-breach/

• https://www.tenders.gov.au/Cn/Show/abce7d48-265e-4b3c-aa77-7fbc197e84f2

• https://blog.palantir.com/human-rights-and-technology-38580c5ac379

• https://www.techmonitor.ai/data/palantir-data-sharing-nhs/

• https://www.tenders.gov.au/Cn/Show/9876654e-12c7-4db0-b82c-8c0ccaa10798