NHS Patient Data Is Not Silicon Valley's Property — It's Time to End the Palantir Deal

NHS Patient Data Must Not Become Big Tech's Raw Material

Warning signs were ignored when reports surfaced last month that engineers from Palantir — the controversial US data analytics company — had been granted what amounted to unrestricted access to identifiable NHS patient records. Under the terms originally outlined, such deeply personal medical data was only meant to be accessible to healthcare professionals directly involved in a patient's treatment, or with explicit consent from the patient themselves. NHS England appears to have quietly shifted that position, opening the door to private companies under the justification that it simplifies data processing. That justification simply does not hold up.

A Broken Promise to NHS Patients

Nicola Byrne, the government's own national data guardian, made her concerns unmistakably clear — the NHS had walked back its earlier assurance that identifiable patient information under its £330m Palantir agreement would remain strictly within the hands of NHS staff with a legitimate clinical purpose. The implications of this breach go beyond legal technicalities. Patients share information with their doctors that they would not disclose to anyone else in their lives. If the public begins to suspect that those private disclosures can flow freely to American technology corporations, trust in the healthcare system will erode — and people will withhold information precisely when honesty matters most to their care.

Parliament Calls Palantir an 'Unacceptable Risk'

This growing concern helps explain why members of parliament's science, innovation and technology committee delivered a pointed warning this week, describing Palantir as an "unacceptable point of weakness" within the NHS's digital infrastructure. The commercial arrangement, when stripped back to its essentials, follows a straightforward and troubling logic: the United Kingdom provides the raw material in the form of patient health data, and a Silicon Valley corporation transforms that material into profit. Critically, the financial rewards — improved data models, marketable new products — flow not to British taxpayers, but to American shareholders.

Why Palantir Is Not Just Any Software Company

The parliamentary committee also drew attention to something that distinguishes Palantir from a typical technology vendor. In the United States, the company has been deeply involved in military operations and immigration enforcement, programmes that have attracted significant ethical controversy. Its co-founder, Peter Thiel, has publicly expressed contempt for the very concept of a national health service. Against this backdrop, the committee's recommendation is direct and unambiguous: ministers should activate the break clause built into the contract in February 2027, sever ties with Palantir, and transition toward either an in-house solution or a provider that is UK-owned and accountable.

A Systemic Problem, Not an Isolated Scandal

The committee deserves credit for framing this issue as more than a single corporate controversy. It is, rather, symptomatic of a much broader and more troubling pattern. Public institutions across the UK have allowed themselves to become deeply dependent on a handful of powerful foreign technology firms — entities the state currently lacks both the technical capacity and the institutional knowledge to challenge or replace. Government officials frequently struggle to fully understand the systems they are procuring. When critical public infrastructure is built on platforms owned and operated outside the country, national autonomy is quietly undermined. Accountability becomes murky when decisions about data access and procurement are buried in dense technical documentation and opaque contractual language.

Digital ID Ambitions Raise Similar Questions

These same concerns apply directly to the government's ambition to roll out a £1.8 billion national digital identity system, promoted as a way to make public services faster and more accessible. Given the long and troubled history of large-scale government IT initiatives in the UK, the committee's scepticism about a smooth rollout is entirely reasonable. The report rightly characterises any mandatory adoption of such a system as misguided from the outset.

Public bodies hold citizens' data not as an asset to be exploited, but as a responsibility held in trust. That standard demands greater care, not less. Yet with NHS patient data, that higher standard has demonstrably not been met.

Democratic Oversight Must Come First

The government has put forward a range of justifications for digital ID — from combating illegal employment to simplifying access to vehicle records and even verifying bin collection schedules. None of these arguments has managed to build genuine public confidence. The more fundamental problem is that digital transformation in the public sector continues to be approached as a bureaucratic efficiency exercise rather than as a matter requiring meaningful public engagement and proper parliamentary scrutiny.

Infrastructure built around personal identity cannot be allowed to quietly expand through administrative drift. The committee's call for separate parliamentary votes on each new application of digital ID represents exactly the kind of democratic safeguard that has been conspicuously absent from the NHS's arrangement with Palantir — and it is a standard that must be applied going forward.