The personal data of Victorians collected to combat the spread of COVID was sent off by the state government for the potential use by highly controversial US big data firm Palantir, a new report has revealed.

Guardian Australia revealed on Wednesday that COVID mobility data was passed to the Australian Criminal Intelligence Commission by the Victorian government in July 2020.

This was done to potentially use Palantir’s data harvesting program to identify mystery cases of the virus for the purpose of contact tracing.

Palantir was founded by Peter Thiel and other PayPal alum, and has been widely criticised for its partnership with the US Immigration and Customs Enforcement, the US military, spy agencies and its involvement with the Facebook Cambridge Analytica scandal, among others.

As Guardian Australia reported, a spokesperson for the Victorian government confirmed that this took place, saying it was to test the Palantir platform, and that the government ultimately opted to use a different platform.

“A sample set of de-identified mobility data was used to investigate whether the program could achieve what was required, with strict conditions in place about its use, accessibility and destruction,” the Victorian government spokesperson told Guardian Australia.

“The Department did not proceed with the program and instead developed an in-house tool, which successfully supported contact tracing throughout the pandemic.”

A spokesperson for the Australian Criminal Intelligence Commission confirmed that the state government had come to it for help to “demonstrate our analytical capabilities to analyse COVID-19 clusters”.

The spokesperson said that the data “met all legal requirements”.

Guardian Australia reported that this test included strict data protection provisions, such as the information being transferred via a secure portal that only limited staff had access to, and that no Palantir cloud storage system was used.

Palantir is a public US company based in Denver, Colorado, specialising in big data analytics. Its clients are typically large defence institutions along with a number of private sector organisations.

The US Department of Health also sought Palantir’s data service as part of its COVID response, enlisting the company as part of its HHS Protect Now program to track the spread of the virus. This also attracted significant controversy.

In 2018, a UK Parliamentary Inquiry heard that a former research director at Cambridge Analytica said that many meetings had happened with Palantir, and that they both hoovered up Facebook data from the same office.

Palantir has partnered with US immigration authorities for nearly a decade, developing software for the agencies. This software has been described as “mission critical” to Immigration and Customs Enforcement.

In Australia, Palantir has several contracts with federal departments and agencies, including the Department of Defence, the Australian Signals Directorate, AUSTRAC and the Department of Veterans’ Affairs.

Former federal Labor MP Mike Kelly was hired by Palantir less than two weeks after he retired from Parliament in early 2020.

On the same day as the Victoria COVID data story was broken, Palantir announced a further expansion into Australia with a partnership with WesTrac. Palantir has also had a “long-term flagship partnership” with mining giant Rio Tinto.

There have been concerns since the onset of the pandemic that the vast amounts of personal data captured by governments for the purpose of combating the spread of the virus would be utilised for other purposes.

This has been realised on several occasions. Multiple law enforcement agencies across the country have attempted to access QR code check-in data to solve crimes.

It was revealed that Queensland Police was given access to the state’s contact tracing check-in data on at least one occasion, while Western Australia Police used its data twice without obtaining a warrant. In Victoria, police tried to access COVID data but were knocked back.

In NSW, 500,000 business addresses were inadvertently leaked by the state government after collecting them for mandatory QR code check-ins.