The promise of a modernized National Health Service, powered by artificial intelligence and seamless data integration, is colliding with one of the most sensitive nerves in British public life: the privacy of patient records. At the center of the storm is Palantir Technologies, the U.S.-based data analytics giant, which has been granted a £330 million contract to build the NHS’s Federated Data Platform (FDP).
While the government frames the FDP as a vital tool to reduce waiting lists and optimize medical treatment, a series of revelations has sparked a backlash from lawmakers and privacy advocates. Members of Parliament have described the current trajectory of the project as “dangerous,” warning that the health service is risking a total collapse of public trust by allowing external contractors access to identifiable patient information.
The controversy intensified following reports from the Financial Times, which cited an internal NHS England briefing. The document suggests that staff from Palantir and other contractors were granted access to patient data before it had been pseudonymized—the process of removing personally identifiable information to protect anonymity. This move appears to contradict earlier assurances from NHS England that personal data would remain protected and within the NHS at all times.
For a health service already struggling with systemic pressures, the stakes extend beyond technical implementation. The debate is now a fundamental question of governance: whether the efficiency gains promised by Big Tech are worth the risk of compromising the sanctity of the doctor-patient relationship.
The Gap Between Policy and Practice
The Federated Data Platform was designed to solve a chronic problem within the NHS: fragmented data. Patient records are often trapped in siloed systems across different trusts and regions, making it difficult to track performance or coordinate care. Palantir’s software is intended to integrate these scattered datasets, allowing the NHS to use AI to predict demand and manage resources more effectively.
However, the leaked briefing revealed that the NHS allowed “unlimited access to non-NHSE staff” to parts of the platform containing identifiable information. The justification provided by NHS England was one of pragmatism. With hundreds of different datasets involved, the agency argued that requiring contractors to apply for individual permissions for every piece of data was too time-consuming for engineers building the system’s “pipelines.”
This “cavalier attitude,” as described by Martin Wrigley, a Liberal Democrat member of the Commons technology select committee, suggests a lack of “security by design.” Critics argue that efficiency should never supersede the foundational requirement of patient anonymity, especially when dealing with a firm whose corporate DNA is rooted in intelligence and surveillance.
The ‘Trust Test’ and Palantir’s Profile
Much of the friction surrounding the deal stems from Palantir’s client list. Unlike traditional healthcare software providers, Palantir has built its reputation on high-stakes government contracts, including work for the U.S. Immigration and Customs Enforcement (ICE) and various military intelligence agencies in the U.S., UK, and Israel.
This history creates a cognitive dissonance for patients. Tom Hegarty, head of communications at the tech equity group Foxglove, noted that patients never consented to have their data accessed by a company whose record is in “targeting people, not caring for them.”
Palantir has fought back against this narrative by emphasizing the legal and technical boundaries of its role. The company asserts that it acts strictly as a data processor, not a data controller. In plain English, this means Palantir provides the tools and the labor to move and analyze the data, but the NHS retains total ownership and decision-making power over that data. Palantir maintains that using the information for any purpose other than the NHS’s specific instructions would be “technically impossible” due to granular access controls.
| Stakeholder | Position / Concern | Primary Objective |
|---|---|---|
| NHS England | Data access is strictly audited and security-cleared. | Improve operational efficiency and patient care via AI. |
| Palantir | Acts as a processor; cannot legally or technically steal data. | Successful deployment of the FDP infrastructure. |
| MPs/Campaigners | Access to identifiable data is a “dangerous” precedent. | Ensuring patient privacy and democratic oversight. |
| Patients Association | Lack of transparency and patient consultation. | Clear boundaries and informed consent for data use. |
Broadening the Scope of Concern
The NHS controversy is not happening in a vacuum. Palantir is aggressively expanding its footprint across the UK public sector. Recent reports indicate the company is moving toward a deal with the Metropolitan Police to use AI for analyzing intelligence in criminal investigations. This widening role has led to a growing sense of unease among backbench MPs and civil liberties groups who fear the “creep” of surveillance technology into everyday public services.
Public sentiment reflects this anxiety. Recent polling indicates that more than two-thirds of the UK public are concerned about Palantir’s increasing number of government contracts. Perhaps most telling is that 40% of those polled distrust the company’s claims that it cannot or will not access patient data for its own purposes.
Rachael Maskell, the Labour MP for York Central and a former NHS worker, has called for the project to be stopped entirely. She argues that as the company embeds itself deeper into the health service’s infrastructure, it opens the door to greater private interest in public data—a move she describes as a “dangerous development.”
Disclaimer: This article is provided for informational purposes only and does not constitute legal or medical advice regarding data privacy laws or healthcare policies.
The next critical juncture for the FDP will be the upcoming reviews by the government’s technology oversight committees and potential parliamentary inquiries into the leaked briefings. As the NHS continues to roll out the platform, the government will be under pressure to provide a transparent audit of exactly who has accessed identifiable data and what safeguards are in place to prevent future lapses.
Do you believe the efficiency gains of AI justify the risks to patient privacy? Share your thoughts in the comments or share this story to join the conversation.
