At Palantir, we're committed to helping organizations protect privacy and strengthen trust in how they use information and achieve the potential of their digital transformation. Organizations use Palantir Foundry as their secure and accountable infrastructure to maximize the utility of their data while making sure that it's processed in accordance with the rules, regulations, and norms that govern data privacy.
Around the world, Palantir is helping customers meet their compliance obligations in ever-evolving regulatory environments. More specifically, Palantir currently offers the following data protection modules, which were originally developed to help our customers comply with their obligations under the EU General Data Protection Regulation (GDPR):
- Data Subject Access Request Module – This module seeks to assist organizations with implementing Article 15 GDPR or comparable privacy regulations, giving data subjects the right to obtain confirmation from the controller whether any data is being processed about them as well as access to basic information about that data. Using our product Palantir Foundry, organizations can integrate, review, track, and create reports to respond to data subject access requests in a more streamlined and timely way.
- Right to be Forgotten Module – This module seeks to assist organizations with Article 17 GDPR or comparable privacy regulations, colloquially known as the “Right to be Forgotten” or “Right to Erasure.” It builds upon an integrated data foundation in Palantir Foundry, but also provides ways to identify where relevant information may exist in source systems, enabling authorized data protection users and database owners to review the accuracy and eligibility of this data, and then run and orchestrate deletion pipelines as appropriate.
Both of these modules can be deployed together as they share a common data asset that tracks data sources and sensitive data.
While the modules mentioned above were designed to help customers meet their specific data protection obligations under the GDPR, they are just as relevant to comparable regulatory contexts too, including Brazil's Lei Geral de Proteção de Dados (or LGPD), the California Consumer Privacy Act (CCPA) and its recent amendments through the California Privacy Rights Act (CPRA), the Virginia Consumer Data Protection Act, and other privacy regulation arising around the world.