Which regulatory agencies enforce this type of clause?

{'agency': 'FTC', 'reason': 'FTC enforces EU-US Data Privacy Framework commitments and has authority over deceptive representations about international data transfer safeguards.', 'complaint_url': 'https://reportfraud.ftc.gov/'}

What is the severity of this clause?

ConductAtlas classifies this International Data Transfers clause as high severity. Severity reflects the magnitude of rights affected, the breadth of users impacted, and the degree of discretion the platform retains.

Do other platforms have similar clauses?

Yes. ConductAtlas has identified similar International Data Transfers clauses across approximately 29 other tracked platforms. You can compare how platforms differ on this clause type in the cross-platform comparison view.

International Data Transfers — Palantir

Share 𝕏 Share in Share 🔒 PDF

What it is

If you're in the EU, UK, or Switzerland, Palantir may transfer your personal data to the US, using legal contracts approved by the EU to make this transfer lawful.

Consumer impact (what this means for users)

Your personal data as an EU/UK/Swiss resident may be sent to the United States where privacy protections differ from European law, though Palantir uses EU-approved contractual safeguards to attempt to make this lawful.

Cross-platform context

See how other platforms handle International Data Transfers and similar clauses.

Compare across platforms →

Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

Cross-border data transfers from the EU to the US have been repeatedly challenged in court (Schrems I and II), and reliance on Standard Contractual Clauses requires ongoing supplementary safeguards and risk assessments.

View original clause language

If you are located in the European Economic Area, the United Kingdom, or Switzerland, your personal data may be transferred to and processed in countries outside these regions, including the United States. We rely on Standard Contractual Clauses approved by the European Commission as a transfer mechanism for such transfers.

Institutional analysis (Compliance & legal intelligence)

REGULATORY FRAMEWORK: This provision engages GDPR Chapter V (Arts. 44–49) on international transfers, specifically reliance on Standard Contractual Clauses (SCCs) per European Commission Implementing Decision 2021/914; UK ICO's International Data Transfer Agreements (IDTAs) and Addendum for UK transfers; and the EU-US Data Privacy Framework (DPF) as an alternative adequacy mechanism. The CJEU's Schrems II decision (C-311/18) requires Transfer Impact Assessments (TIAs) alongside SCCs. Primary enforcement authority rests with EU national DPAs and the UK ICO.

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

FTC

FTC enforces EU-US Data Privacy Framework commitments and has authority over deceptive representations about international data transfer safeguards.
File a complaint →

Provision details

Document information

Document

Palantir Privacy Statement

Entity

Palantir

Document last updated

April 29, 2026

Tracking information

First tracked

April 30, 2026

Last verified

April 30, 2026

Record ID

CA-P-004242

Document ID

CA-D-00496

Evidence Provenance

Source URL

https://www.palantir.com/privacy-and-security/

Wayback Machine

View archived versions →

SHA-256

eb927d9bd1bc02713391ebd4577b404a2136eba1e135746456110bc968e6e635

Verified

✓ Snapshot stored ✓ Change verified

How to Cite

ConductAtlas Policy Archive
Entity: Palantir | Document: Palantir Privacy Statement | Record: CA-P-004242
Captured: 2026-04-30 07:23:49 UTC | SHA-256: eb927d9bd1bc0271…
URL: https://conductatlas.com/platform/palantir/palantir-privacy-statement/international-data-transfers/
Accessed: May 2, 2026

Classification

Severity

High

International Data Transfers