The National Health Service (NHS) has broken its silence after facing criticism for handing a £330m data contract to Palantir, a US spy technology company. The contract, which was awarded without competition, will give Palantir access to and oversight of sensitive health data of millions of UK citizens. The NHS claims that the contract is necessary to support its data analysis and planning during the pandemic and beyond.
Palantir: a controversial choice for the NHS
Palantir is a data analytics company that was founded in 2003 with the backing of the US Central Intelligence Agency (CIA). It has been involved in various controversial projects, such as helping the US Immigration and Customs Enforcement (ICE) track and deport undocumented migrants, and providing software to the US military and intelligence agencies. Palantir has also been accused of having close ties to former US President Donald Trump and his financier Peter Thiel, who is one of the co-founders of the company.
Palantir’s involvement in the NHS began in March 2020, when it was part of a consortium of tech giants that offered to help the NHS create a data store to manage the COVID-19 crisis. The initial deal was worth only £1, but it was later extended to £23m in December 2020, and then to £24.9m in June 2023. The contract will run until June 2024, and will cover the transition to a new £480m Federated Data Platform (FDP), which is expected to be awarded in September 2023.
The NHS says that Palantir’s software and staff will help the NHS analyse vast amounts of data from various sources, such as hospital records, test results, and vaccination data, to improve its response to the pandemic and other challenges. The NHS also says that it will retain full control and ownership of the data, and that Palantir will not store or share the data with anyone else. The NHS says that the data will be pseudonymised, anonymised, or aggregated to protect the privacy of the patients.
Legal action and public outcry over the contract
However, not everyone is convinced by the NHS’s assurances. The contract has been challenged by several groups, such as Open Democracy, Foxglove, and Privacy International, who have raised concerns about the lack of transparency, accountability, and public consultation over the deal. They argue that the contract represents a major change in the way the NHS uses and shares health data, and that it could pose risks to the privacy and security of the patients and the public.
Open Democracy and Foxglove have launched a legal action against the NHS, claiming that it failed to conduct a proper Data Protection Impact Assessment (DPIA) before awarding the contract to Palantir. They also allege that Palantir lobbied a top NHS official over expensive watermelon cocktails to secure the deal. They say that the contract could give Palantir a permanent role in the NHS infrastructure, and that the public should have a say in how their health data is used.
The legal action has been supported by more than 10,000 people who have signed a petition calling for the NHS to cancel the contract and consult the public. The petition also demands that the NHS should publish the full details of the contract, the DPIA, and the safeguards that are in place to protect the data. The petition says that the contract “risks demolishing trust in the NHS” and that Palantir is “not a suitable partner for our health service”.
The NHS responds to the criticism
The NHS has defended its decision to award the contract to Palantir, saying that it was done in accordance with the procurement rules and the data protection law. The NHS says that it conducted a DPIA in April 2020, and that it will publish an update in due course. The NHS also says that the contract is a temporary measure to ensure that there is no gap in service provision and to support the smooth transition to the new FDP.
The NHS says that the FDP procurement process is separate from the Palantir contract, and that it is taking place in a competitive and transparent manner. The NHS says that the successful supplier of the FDP will be required to go through due diligence before the contract is awarded, and through various stages throughout its lifetime. The NHS says that the FDP will enable the NHS to use data more effectively and efficiently, and to deliver better outcomes for the patients and the public.
The NHS says that it is committed to protecting the privacy and security of the health data, and that it will only use the data for the purposes that are lawful, necessary, and proportionate. The NHS says that it will not allow Palantir or any other third party to access, use, or share the data for any other reason than to support the NHS. The NHS says that it will continue to engage with the public and the stakeholders on how it uses and shares health data, and that it welcomes feedback and suggestions.
