NHS England has been criticised for awarding a key role in handling patient data to Palantir, a US company with links to the CIA and controversial surveillance practices. The contract, which was revealed by The Guardian, extends Palantir’s involvement in the NHS Covid-19 Data Store until 2025, and gives it access to a wide range of sensitive health information.
Palantir’s role in the NHS Covid-19 Data Store
Palantir, founded by billionaire Peter Thiel, is a data analytics company that has been involved in various military and intelligence projects, such as tracking insurgents in Iraq and aiding the US Immigration and Customs Enforcement (ICE) in deporting undocumented immigrants. It has also faced allegations of human rights violations, data breaches, and unethical practices.
In March 2020, Palantir was one of the companies that joined forces with NHS England to create the NHS Covid-19 Data Store, a centralised database that collects and analyses data from various sources, such as hospitals, laboratories, and social care providers, to inform the response to the pandemic. The Data Store was intended to help the NHS manage resources, track the spread of the virus, and identify vulnerable groups.
Palantir’s role was to provide its Foundry software, which enables data integration, analysis, and visualisation. The company initially offered its services for free, but later signed a contract worth £23.5 million for four months. The contract was extended until December 2020, and then until June 2022, with a total value of £31.5 million.
The new contract and its implications
The new contract, which was signed in December 2020 but only disclosed in February 2021, extends Palantir’s involvement in the NHS Covid-19 Data Store until 2025, and expands its scope to include other health and social care data, such as patient records, test results, and prescriptions. The contract is worth £23.5 million per year, with a total value of £112.5 million.
The contract has raised concerns among privacy campaigners, health professionals, and MPs, who have questioned the transparency, legality, and ethics of the deal. They have argued that Palantir has been given too much power and influence over the NHS data, without proper oversight, consultation, or consent from the public. They have also warned that Palantir could use the data for commercial purposes, or share it with third parties, such as the US government or other clients.
Some of the issues that have been raised include:
- The lack of public scrutiny and competitive tendering for the contract, which was awarded under emergency procurement rules that bypassed the normal process.
- The potential breach of data protection laws, such as the General Data Protection Regulation (GDPR) and the Data Protection Act 2018, which require a clear and lawful basis for processing personal data, and the respect of the rights and preferences of the data subjects.
- The risk of data misuse or leakage, given Palantir’s history of involvement in controversial projects and its ties to the US intelligence agencies, which could access the data under the US Cloud Act or other legal mechanisms.
- The impact on public trust and confidence in the NHS, which could affect the willingness of people to share their data or use the health services, especially among marginalised or vulnerable groups.
The response from NHS England and Palantir
NHS England and Palantir have defended the contract, claiming that it is necessary and beneficial for the NHS and the public. They have argued that Palantir’s software has helped the NHS improve its response to the pandemic, by providing insights and tools that have saved lives and resources. They have also asserted that Palantir does not own or control the data, and that it is subject to strict safeguards and limitations on how it can use or access the data.
Some of the points that they have made include:
- The contract was awarded in accordance with the law and the guidance from the government, which allowed for emergency procurement in the context of the pandemic.
- The contract is subject to regular reviews and audits, and can be terminated or modified at any time by the NHS.
- The contract does not grant Palantir any rights to the data, and the data remains under the ownership and control of the NHS.
- The contract does not allow Palantir to use the data for any other purpose than supporting the NHS, and Palantir cannot share the data with any third party, including the US government or other clients.
- The contract complies with the data protection laws, and the data is processed in accordance with the principles of fairness, lawfulness, and transparency. The data is also anonymised or pseudonymised, and the data subjects can exercise their rights and preferences, such as opting out of the data sharing.
The ongoing legal challenge and public campaign
The contract is currently facing a legal challenge from openDemocracy, a media organisation, and Foxglove, a legal charity, which have filed a judicial review application in the High Court, seeking to overturn the contract and stop Palantir’s involvement in the NHS. The legal challenge is supported by a coalition of civil society groups, such as Liberty, Privacy International, and Doctors for Choice UK, which have launched a public campaign called “Stop Palantir’s NHS Data Grab”.
The legal challenge and the public campaign aim to expose the details and the implications of the contract, and to demand more transparency, accountability, and democracy in the decision-making process. They also hope to raise awareness and mobilise the public to oppose the contract and to protect their data rights.