Singapore markets open in 6 hours 24 minutes
  • Straits Times Index

    -15.09 (-0.49%)
  • S&P 500

    +6.50 (+0.15%)
  • Dow

    +33.20 (+0.10%)
  • Nasdaq

    -4.50 (-0.03%)

    +731.68 (+1.72%)
  • CMC Crypto 200

    -35.86 (-3.25%)
  • FTSE 100

    -26.87 (-0.38%)
  • Gold

    +0.80 (+0.05%)
  • Crude Oil

    +0.65 (+0.89%)
  • 10-Yr Bond

    +0.0500 (+3.55%)
  • Nikkei

    +609.41 (+2.06%)
  • Hang Seng

    -318.84 (-1.30%)
  • FTSE Bursa Malaysia

    -7.28 (-0.47%)
  • Jakarta Composite Index

    +2.10 (+0.03%)
  • PSE Index

    +36.25 (+0.52%)

Palantir warns investors of complex, inconsistent global privacy law risk

·4-min read

Palantir Technologies Inc. sent a warning to investors Tuesday in its application to publicly list on the New York Stock Exchange, stating that the “overarching complexity” of privacy and data laws from country to country pose major compliance challenges for the data company.

Privacy, data protection, and information security, subject to nascent and disparate laws and regulations still evolving around the globe, are critical competitive factors in the company’s industry, the company said in its S-1. The challenges are also front and center for Big Tech data collectors such as Alphabet’s Google, Facebook, Amazon and Apple, as well as for smaller startup firms.

“Outside of the United States, virtually every jurisdiction in which we operate has established its own legal framework relating to privacy, data protection, and information security matters with which we and/or our customers must comply,” Palantir said.

The shifting nature of such laws, Palantir said, “could manifest in costs, damages, or liability” for the company if it fails to implement and follow proper programmatic controls, or experiences malicious or inadvertent breaches of privacy and data protection requirements. In addition to the fines, lawsuits, and other claims that could arise based on non-compliance, the company stated that new and overhauled laws could require Palantir to “fundamentally change” or modify its business.

In a letter contained in the filing, Palantir’s CEO Alexander Karp separated the company’s data collection end game— to create software for national defense and intelligence agencies, as well as for state, local and foreign governments — from its fellow Silicon Valley-born startups focused on advertising models.

“From the start, we have repeatedly turned down opportunities to sell, collect, or mine data. Other technology companies, including some of the largest in the world, have built their entire businesses on doing just that,” Karp wrote. “Software projects with our nation’s defense and intelligence agencies, whose missions are to keep us safe, have become controversial, while companies built on advertising dollars are commonplace. For many consumer internet companies, our thoughts and inclinations, behaviors and browsing habits, are the product for sale. The slogans and marketing of many of the Valley’s largest technology firms attempt to obscure this simple fact.”

The logo of U.S. software company Palantir Technologies is seen in Davos, Switzerland Januar 22, 2020.  REUTERS/Arnd Wiegmann
The logo of U.S. software company Palantir Technologies is seen in Davos, Switzerland Januar 22, 2020. REUTERS/Arnd Wiegmann

Business model aside, Palantir’s disclosures highlight challenges faced by companies that collect and handle personal data, as international, national, state, local, and even private rules shift.

“These U.S. federal and state and foreign laws and regulations, which, depending on the regime, may be enforced by private parties or government entities, are constantly evolving and can be subject to significant change, and they are likely to remain uncertain for the foreseeable future,” the company said.

Uncertainty, Palantir said exists, even where legal requirements have been formally adopted. California’s Consumer Privacy Act (CCPA) that became effective in 2020, and the European Union’s General Data Protection Regulation (GDPR) that became effective in 2018, both lay out standards for processing, moving and disclosing personal data, yet according to the company have not existed long enough to evaluate the impact of compliance violations.

Added uncertainty in California comes from a ballot measure, Proposition 24, slated for November that would add restrictions to CCPA, requiring companies to minimize data personal data retention, ad targeting, and sharing.

“Complying with the GDPR or other data protection laws and regulations as they emerge may cause us to incur substantial operational costs or require us to modify our data handling practices on an ongoing basis,” Palantir stated. The company emphasized one penalty under GDPR that has been made clear: non-compliance can entitle authorities to 4% of a company’s worldwide annual revenue, or 20,000,000 Euro ($23,636,000), whichever is greater.

In 2019, Palantir lost $580 million. During the first half of 2020, the company pared losses to $165 million. It’s revenue for the first half of the year totaled $481million, an 49% increase over 2019.

According to Tuesday’s SEC filing, the company plans to list under the ticker symbol PLTR.


Alexis Keenan is a reporter for Yahoo Finance and former litigation attorney.

Follow Alexis Keenan on Twitter @alexiskweed.

Find live stock market quotes and the latest business and finance news

For tutorials and information on investing and trading stocks, check out Cashay

Follow Yahoo Finance on Twitter, Facebook, Instagram, Flipboard, LinkedIn, and reddit.

Our goal is to create a safe and engaging place for users to connect over interests and passions. In order to improve our community experience, we are temporarily suspending article commenting