For the past five years, the Swedish Police Authority has been using Palantir Technologies’ powerful AI-driven intelligence platform—known internally as Acus—to aggregate and analyse vast troves of personal data, including criminal records, intelligence reports, BankID logs, mobile operator metadata, and social media activity. The revelation, first reported by Swedish newspaper ETC, has ignited urgent questions about transparency, data governance, and Sweden’s alignment with European privacy standards.
A Secretive Surveillance Infrastructure
According to a former police analyst who spoke to ETC on condition of anonymity, the deployment of Palantir’s Gotham platform—renamed Acus in Sweden—has been shrouded in secrecy. “There was a lot of hush-hush around that program,” the source said, highlighting a marked contrast with public debates seen in peer democracies like the United Kingdom and Germany, where law enforcement use of Palantir has triggered parliamentary scrutiny and civil society backlash.
Despite repeated inquiries from ETC, the Swedish Police Authority has refused to confirm or deny the partnership, citing “risks to national security.” In a terse statement, the agency declined to disclose how many individuals are monitored through the system or whether sensitive Swedish data is stored in Palantir’s U.S.-based cloud infrastructure—a concern that directly implicates compliance with the EU’s General Data Protection Regulation (GDPR).
Palantir’s Controversial Global Footprint
Palantir Technologies, U.S.-based data analytics firm co-founded by Peter Thiel, has long courted controversy. Beyond its contracts with U.S. defence and intelligence agencies, the company supplies battlefield command software to militaries worldwide—including Israel’s Defence Forces (IDF). In October 2024, a United Nations Human Rights Council report accused Palantir of enabling violations of international humanitarian law in Gaza through its role in Israel’s military targeting systems. Palantir has denied the allegations, calling them “factually inaccurate and politically motivated.”
Nevertheless, the company’s deepening entanglement in geopolitical conflicts raises red flags for European public institutions. The Swedish Police’s silence on data-sharing protocols, oversight mechanisms, and legal safeguards suggests a troubling lack of accountability—particularly given the sensitivity of the personal information being processed.
Legal and Democratic Implications for Sweden
Sweden’s deployment of Palantir’s Gotham platform without public consultation or parliamentary oversight appears to contravene core principles of democratic governance and digital rights. Under GDPR, public authorities must ensure that processing of personal data is lawful, necessary, and proportionate—and that individuals retain meaningful rights to access and challenge that processing. Storing sensitive data with a foreign corporation whose servers may be subject to U.S. surveillance laws (such as the CLOUD Act) further complicates compliance.
Moreover, the absence of transparency makes it impossible for Sweden’s Data Protection Authority (IMY) or the public to assess whether the use of Acus respects constitutional protections or exposes citizens to unwarranted surveillance.
A Call for Accountability
The Nordic Business Journal calls on the Swedish government to immediately clarify the scope, legal basis, and oversight framework governing the Police Authority’s use of Palantir. Citizens deserve to know:
– What categories of personal data are being fed into the system?
– How many individuals are currently monitored or flagged?
– Where is the data stored, and under which jurisdiction?
– What independent audits or safeguards are in place to prevent abuse?
In an era where AI-driven surveillance is becoming routine, democratic societies cannot afford secrecy masquerading as security. Sweden—long a champion of transparency and human rights—must lead by example, not retreat into opacity.
— Reporting contributed by Nordic Business Journal’s investigative desk.