Palantir Secures Access to 57 Million NHS Patient Records

By VirentaNews Staff — May 24, 2026

In a quiet corner of Manchester, behind the unmarked doors of a data operations center, servers hum with the lifeblood of a nation’s health—millions of medical records, each containing intimate details of illness, treatment, and personal history. These files, once locked in paper cabinets and guarded by strict confidentiality, now flow through digital pipelines to a network of private contractors thousands of miles away. Among them, a single name looms largest: Palantir, the US-based software firm co-founded by billionaire Peter Thiel. According to a recent investigation by Amnesty International, Palantir and several other technology contractors have been granted unlimited, real-time access to identifiable patient data from NHS England—data covering over 57 million people—with little public scrutiny, no parliamentary debate, and minimal oversight.

Unrestricted Data Access Confirmed

Amnesty’s report confirms that Palantir Technologies, along with other private firms such as Serco and Palantir partner Faculty AI, have been given full access to NHS England’s Federated Data Platform (FDP), a centralized system designed to support pandemic response and healthcare planning. Unlike previous data-sharing agreements, which anonymized records or required explicit patient consent, this arrangement allows contractors to view identifiable information—including names, addresses, medical histories, and test results—without limits on usage duration or purpose. The FDP was initially launched in 2020 under emergency powers during the COVID-19 crisis, but its expansion and continued operation have occurred without robust legislative backing or public consultation. Civil rights advocates warn this represents a de facto privatization of one of the UK’s most sensitive public assets: its citizens’ health data.

From Pandemic Tool to Permanent System

The roots of this arrangement stretch back to March 2020, when the UK government invoked emergency powers to fast-track data-sharing agreements with tech firms in response to the coronavirus pandemic. Palantir was brought in under the banner of the “National Health Service Covid-19 Data Store,” tasked with integrating fragmented datasets from hospitals, labs, and public health agencies to model outbreaks and allocate resources. Initially hailed as a necessary innovation, the system evolved rapidly. By 2023, the FDP had absorbed the original pandemic infrastructure and expanded into a permanent national data platform. Despite repeated calls from the Information Commissioner’s Office and academic experts for impact assessments and privacy safeguards, the government has not published a comprehensive evaluation of the program’s compliance with data protection laws. The lack of transparency has fueled suspicions that emergency measures have been repurposed into a lasting public-private surveillance framework.

The Architects Behind the System

At the heart of this transformation are a small cadre of technocrats, corporate strategists, and government insiders who view integrated health data as a cornerstone of modern governance. Palantir’s leadership, particularly CEO Alex Karp, has long championed the use of AI-driven data fusion in public services, arguing that predictive analytics can preempt crises and optimize care. In the UK, allies within the Department of Health and Social Care, including former digital health czar Matthew Gould, have advocated for deeper private sector involvement. Critics, however, point to Palantir’s controversial track record—its contracts with US Immigration and Customs Enforcement (ICE), its role in predictive policing programs, and its opaque algorithms—as evidence of systemic risk. “This isn’t about efficiency,” said researcher Dr. Ellen Broad, formerly of the Open Data Institute. “It’s about embedding corporate control into the NHS under the guise of technological progress.”

Implications for Patients and Privacy

The consequences of this data access are far-reaching. Patients are not being asked for consent, nor are they informed when their records are accessed. While the government maintains that strict contractual terms prevent data misuse, there is no independent audit mechanism to verify compliance. Legal experts warn that the arrangement may violate the UK’s Data Protection Act and the European Convention on Human Rights, particularly Article 8, which protects the right to privacy. Beyond legal risks, there is growing concern about function creep—the possibility that data collected for healthcare could be repurposed for insurance underwriting, law enforcement, or commercial research. Public trust in the NHS, long regarded as a bastion of equitable care, could erode if citizens perceive their most personal information as a commodity for corporate partners.

The Bigger Picture

This case is not isolated. It reflects a global trend in which governments, under pressure to modernize, are outsourcing core public functions to private AI firms with minimal accountability. From Australia’s My Health Record to US health data brokers, the fusion of healthcare and commercial data analytics is accelerating. In this context, the NHS partnership with Palantir serves as a cautionary tale: even the most trusted institutions can become conduits for surveillance capitalism if oversight lags behind technological integration.

What comes next may depend on public pressure and legal challenges. Civil society groups, including medConfidential and Foxglove, are calling for an independent inquiry and a moratorium on data sharing until proper safeguards are in place. The Information Commissioner has opened a formal review, but its findings could take months. As AI systems grow more powerful, the question is no longer just who owns the data, but who controls the future of public health.

Source: I