MPs have warned that the decision by NHS England to grant staff from the US tech firm Palantir and other contractors “unlimited access” to identifiable patient data represents a dangerous escalation that will deepen public fears about data privacy. Labour MP Rachael Maskell, a former NHS worker who has called for the project to be stopped, said: “As Palantir get their claws deeper into our NHS data we can see how it is opening it up to greater private interest. This is a dangerous development and I ask the government to get a grip on this project before it is too late.”
Data access concerns
The move, reported in recent weeks, centres on the creation of an “admin” role within the NHS’s Federated Data Platform (FDP) that allows non-NHS England staff – including Palantir engineers and other contractors – to view identifiable patient information before it has been pseudonymised. The FDP, built on Palantir’s Foundry software, was awarded to a consortium led by Palantir Technologies UK Limited in November 2023 under a seven-year contract worth up to £330 million. NHS England awarded the contract following what it described as a “rigorous, competitive procurement process”, but the deal has been dogged by warnings from campaigners and MPs since its inception.
The specific component involved is the National Data Integration Tenant (NDIT), a part of the FDP that holds identifiable data. An internal NHS England briefing acknowledged that the new access arrangements carry a “risk of loss of public confidence” and that there is “considerable public interest and concern about how much access to patient data Palantir/Palantir staff have”. Previously, contractors were required to obtain individual data access permissions, a process that had become time-consuming given the hundreds of different datasets within the system. Under the new arrangement, the “admin” role effectively grants unlimited access to non-NHS England staff before pseudonymisation, a step that normally removes direct identifiers.
NHS England has stressed that any external consultant requiring data access must possess government security clearance and be approved by a member of NHS England staff at director level or above. It said it has “strict policies in place for managing access to patient data” and carries out regular audits. Instances in which Palantir staff do see identifiable data while working on the system’s “pipelines” are logged, the company said, adding that they do not have permission to remove the data from the NHS. Palantir maintains that it acts solely as a “data processor”, not a “data controller”, meaning its software can only process data exactly as instructed by an NHS user. “Using the data for anything else would not only be illegal but technically impossible due to granular access controls overseen by the NHS,” the company said. It also emphasised that it is prohibited from commercialising or marketing NHS data, even on an anonymised basis, or using it to develop its own products.
Despite these reassurances, the scale of the access and the profile of the company involved have drawn sharp criticism. Martin Wrigley, a Liberal Democrat member of the Commons technology select committee, described the NHS’s attitude as “cavalier”. He said: “This whole project does not have security by design at its heart. The public will be rightfully concerned that data privacy is not the first concern.”
Growing public opposition
Patient advocacy groups and campaigners have voiced alarm over what they see as a breach of trust. The Patients Association said it was “concerned” that patients were not consulted on a significant change to who has unlimited access to their data. Rachel Power, its chief executive, said patients wanted “transparency, clear boundaries around access to their data, and to be consulted when changes to those agreements are proposed”. Tom Hegarty, head of communications at the tech equity campaign group Foxglove, argued that “NHS patients never consented to have their data accessed by a company like Palantir whose record is in targeting people, not caring for them”. He added: “Once again: Palantir fails the trust test. The government should … cut Palantir out of our NHS once and for all.”
Public opinion polling conducted last week found that more than two-thirds of the UK public are concerned about Palantir’s growing number of public contracts, and 40% said they distrust the company not to access NHS patient data – despite the company’s repeated insistence that it cannot and will not do so. More than 229,000 people have signed petitions demanding the government terminate all contracts with Palantir. The British Medical Association (BMA) has pledged to issue guidance to its members on limiting engagement with the FDP because of its links to Palantir, calling for a “complete break” from the company. The Green Party has said it will “use every means at [its] disposal … to get [Palantir] out of the NHS”.
Broader concerns have been raised about Palantir’s track record and its widening role across the UK public sector. The company supports Donald Trump’s Immigration and Customs Enforcement (ICE) crackdown, as well as the Israeli, US and UK militaries. The human rights group Liberty has warned of “dystopian predictive policing” and “indiscriminate mass surveillance” in connection with Palantir’s technology. Last month it emerged that Palantir is closing in on a deal to expand its work with the Metropolitan Police, using AI to analyse intelligence in criminal investigations. The company already holds a £240 million contract with the Ministry of Defence and a pilot contract with the Financial Conduct Authority to analyse sensitive financial regulation data. Overall, Palantir’s UK public sector contracts are believed to exceed £600 million, with some estimates putting the total above £670 million.
Questions have also been asked about the procurement process itself. The FDP contract was awarded at the end of a bidding process that drew criticism for being shorter than usual and less transparent, and it was subject to legal challenges. The contract’s details have been heavily redacted, prompting MPs to call for greater scrutiny. Some have questioned the value for money. There are also concerns about vendor lock-in: critics argue that Palantir’s system is not easily interoperable with other NHS systems and that the NHS does not own the underlying software. Some NHS users have reportedly described the software as “awful to use”.
Palantir’s chief executive, Alex Karp, has made controversial public statements, including suggesting that some cultures are “dysfunctional and regressive”, which MPs have described as disturbing and indicative of an ethos unsuited to handling sensitive UK data. The company’s recent publication of a manifesto containing similar language has only added to those concerns.
NHS England told the Financial Times that it monitors the work of engineers and that “anyone external requiring access must have government security clearance and be approved by a member of NHS England staff at director level or above”. It maintains that the FDP is designed with “privacy by design” at its heart. However, the internal briefing that acknowledged the risk to public confidence suggests that officials themselves recognise the precariousness of the situation. As the former Labour minister Peter Mandelson – whose consulting firm Global Counsel had a role in the early stages of the NHS deal – maintains ties to Palantir, the political and ethical dimensions of the arrangement continue to draw scrutiny. The government is reportedly considering whether to activate a break clause in the contract.