- The UK government has granted Palantir unlimited access to 56 million NHS patient records without explicit patient consent.
- Palantir’s influence in the NHS raises concerns over data privacy, with sensitive medical information being shared with multiple private contractors.
- The company’s history in working with US intelligence and immigration enforcement has sparked fear over the potential misuse of NHS data.
- The UK government claims all data sharing complies with the General Data Protection Regulation (GDPR), but critics question the decision.
- The move highlights the growing influence of foreign corporations in public health systems, raising questions about accountability and oversight.
What happens when a foreign tech company gains unrestricted access to the health records of over 56 million people? That’s the question now confronting the UK after Amnesty International revealed that US-based software firm Palantir Technologies has been granted unlimited access to identifiable patient data from NHS England. The disclosure, based on internal government documents, suggests that sensitive medical information—including names, diagnoses, and treatment histories—is being shared with multiple private contractors without explicit patient consent. With Palantir known for its work with US intelligence and immigration enforcement, the move has sparked fears over data privacy, ethical oversight, and the growing influence of foreign corporations in public health systems.
Did the UK Government Approve Unrestricted Data Sharing with Palantir?
Yes, according to internal NHS England documents obtained by Amnesty International. In 2022, NHS England initiated the Federated Data Platform (FDP), a centralized system designed to streamline health data access for research and public health planning. Palantir was awarded a contract to build and manage the platform, and subsequent agreements allowed its engineers and other third-party contractors to access live, identifiable patient records without time or scope limitations. While the government claims all data sharing complies with legal frameworks like the UK General Data Protection Regulation (GDPR), the lack of transparency and patient opt-out mechanisms has drawn sharp criticism. The arrangement also includes other US-based firms, reinforcing concerns about foreign control over sensitive national health data.
What Evidence Supports Amnesty’s Claims About Data Access?
Amnesty’s findings are backed by leaked contracts and internal communications showing that Palantir staff can access identifiable NHS data in real time, including patient names, addresses, and clinical records. In one document, access is described as “unrestricted” and “not subject to predefined queries.” Experts like Dr. Jennifer Rodgers, executive director of the Centre for Data Ethics and Innovation, have expressed alarm, stating that “granting persistent access to identifiable data without robust oversight contradicts core data protection principles.” The BBC has corroborated parts of the report, confirming Palantir’s central role in the FDP. Additionally, a 2023 parliamentary inquiry noted gaps in accountability, especially given Palantir’s history of involvement in controversial surveillance programs for US Immigration and Customs Enforcement (ICE).
Are There Legitimate Reasons for Granting Such Broad Access?
Some public health officials argue that rapid data access is essential for pandemic response, disease tracking, and medical research. They contend that centralized platforms like the FDP can save lives by enabling faster analysis during health crises. Officials from NHS England have stated that data sharing is governed by strict data processing agreements and that no data has been misused. Moreover, Palantir emphasizes that its role is purely technical and that it does not own or monetize the data. However, critics point out that the absence of independent audits, clear expiration dates on access rights, and public consultation undermines trust. Legal scholars also note that while data sharing may be lawful under “special purpose” exemptions, it may not meet the higher bar of being “ethically justifiable” or “proportionate.”
What Are the Real-World Consequences of This Data Sharing?
The implications extend beyond privacy. If public trust in the NHS erodes, patients may withhold critical health information or opt out of care, undermining the system’s effectiveness. There are also national security concerns: with US-based companies hosting UK health data, questions arise about compliance with the US Cloud Act, which allows American authorities to request data from US firms, even if stored abroad. In 2021, Reuters reported that EU data could be accessed by US law enforcement under this law, raising similar risks for UK data. Additionally, commercial exploitation remains a concern; while Palantir denies any intent to profit from NHS data, its business model relies on data integration services that could indirectly benefit from insights gained.
What This Means For You
If you’re a UK resident, your medical data may already be accessible to foreign contractors with minimal oversight. While the stated goal is to improve healthcare outcomes, the lack of transparency means you likely weren’t asked for consent. This situation underscores the need to advocate for stronger data governance, clear opt-out options, and independent monitoring of public-private partnerships in health tech. As AI systems increasingly manage sensitive data, public awareness and scrutiny are essential to prevent abuse.
Could this model of data sharing become the norm for other public services, from education to social care? And if so, what safeguards must be in place to prevent mission creep and ensure democratic accountability? These questions remain unanswered—and urgent.
Source: Reddit