{"id":34312,"date":"2026-05-12T07:32:08","date_gmt":"2026-05-12T07:32:08","guid":{"rendered":"https:\/\/www.europesays.com\/britain\/34312\/"},"modified":"2026-05-12T07:32:08","modified_gmt":"2026-05-12T07:32:08","slug":"potential-security-risk-unpacking-the-uks-trust-issues-with-palantir-health-news","status":"publish","type":"post","link":"https:\/\/www.europesays.com\/britain\/34312\/","title":{"rendered":"\u2018Potential security risk\u2019: Unpacking the UK\u2019s trust issues with Palantir | Health News"},"content":{"rendered":"<p>London, United Kingdom \u2013 Trust, once lost, is hard to claw back. For Palantir Technologies, a leading defence and intelligence software firm in the United States, the trust that the company established in the United Kingdom on a one-British-pound ($1.37) National Health Service (NHS) contract during the COVID-19 pandemic in March 2020 \u2013 which translated into a six-year relationship worth nearly 400 million pounds ($546m) \u2013 has recently eroded.<\/p>\n<p>This has been accelerated in part by Palantir\u2019s own conduct.<\/p>\n<p>Recommended Stories list of 4 itemsend of list<\/p>\n<p>The company\u2019s X account <a href=\"https:\/\/www.aljazeera.com\/news\/2026\/4\/21\/technofacism-why-palantirs-pro-west-manifesto-has-critics-alarmed\" rel=\"nofollow noopener\" target=\"_blank\">posted a 22-point manifesto<\/a> recently that alarmed critics and prompted renewed questions about whether a company with such openly militaristic values is an appropriate steward of a health patient\u2019s most sensitive data.<\/p>\n<p>Among the points were calls for universal national military service and the advancement of \u201cAI weapons\u201d.<\/p>\n<p>\u201cPalantir is perceived as a defence contractor,\u201d said Duncan McCann, the technology and data lead at legal campaign group the Good Law Project. \u201cIf they had just stayed in that lane, I think people might accept that. But a defence company has inherently different values than [a healthcare organisation like] the NHS, and that\u2019s where I think this [concern] was created.\u201d<\/p>\n<p>What seemed like a long shot four or five months ago now feels within reach to McCann.<\/p>\n<p>Opposition to Palantir\u2019s 330-million-pound ($450m) flagship data programme named Federated Data Platform (FDP), which is used by the NHS, has shifted from a fringe activist concern to a serious governance dilemma for NHS England and the UK government more broadly.<\/p>\n<p>Officials are now openly considering a 2027 break point for the contract.<\/p>\n<p>On Monday, Palantir came under further scrutiny. The Financial Times reported that NHS England had allowed Palantir employees \u201cunlimited\u201d access to patient data, citing an internal briefing note.<\/p>\n<p>Palantir\u2019s origins are rooted in defence.<\/p>\n<p>Its Gotham platform is used by intelligence, military, and policing communities around the world. Foundry, the company\u2019s civilian solution, is what underpins the NHS\u2019s FDP. Although they sound like different products, a 2020 review by Privacy International and No Tech For Tyrants found the two systems share the same Palantir DNA.<\/p>\n<p>That shared architecture sits at the heart of a governance problem that critics argue has never been adequately addressed.<\/p>\n<p>According to NHS England, Palantir \u201cwill only operate under the instruction of the NHS when processing data on the platform\u201d and they \u201cwill not control the data in the platform, nor will they be permitted to access, use or share it for their own purposes\u201d.<\/p>\n<p>Palantir responded, stating that the company \u201cin no way uses patient data, or any NHS data, for its own purposes. Palantir acts exclusively as a data processor under the instruction of the NHS\u201d.<\/p>\n<p>Palantir UK\u2019s Charles Carlson told Al Jazeera. \u201cOn verification, auditors review our controls and our compliance with them, and we undergo multiple audits.\u201d<\/p>\n<p>He noted that \u201cthe customers themselves, aided by the NCSC [National Cyber Security Centre], do their own validation\u201d.<\/p>\n<p>While audits may show that Palantir follows industry standards for protecting data against unauthorised access and breach, observers have doubted the extent to which tech companies comply with the rules.<\/p>\n<p>\u201cWe really wouldn\u2019t know if Palantir was doing something nefarious [with NHS data],\u201d said Eerke Boiten, a professor in cybersecurity and head of the School of Computer Science and Informatics at De Montfort University in Leicester. \u201cBut that\u2019s the same with Microsoft, Google and other American tech companies involved in providing the NHS or anyone else with IT solutions.\u201d<\/p>\n<p>Boiten preaches \u201ctechnical realism\u201d and says these companies are so big, their products so complex and proprietary, that their customers must trust that they are not going to exploit the situation.<\/p>\n<p>As a safeguard, a data protection impact assessment (DPIA) is required before processing sensitive personal data at this scale.<\/p>\n<p>\u201cYou have to look into the DPIA and see that they are serious,\u201d Boiten said. \u201cGovernment should publish them to gain public confidence.\u201d<\/p>\n<p>\u2018A potential security risk\u2019<\/p>\n<p>Following legal pressure from the Good Law Project, NHS England released a less heavily redacted version of the FDP contract \u2013 but roughly 100 pages remain withheld, according to McCann.<\/p>\n<p>Those pages relate specifically to the methodology by which patient data is pseudonymised before it enters the platform. This is the one element of the contract\u2019s data protection framework that the public, parliament, and independent experts cannot scrutinise.<\/p>\n<p>Everyone interviewed for this article agreed the FDP is broadly a good thing \u2013 and that alternatives exist.<\/p>\n<p>Leaders at the NHS Greater Manchester integrated care board, which manages the commissioning and funding of healthcare services across that region, have spent six years building their own analytics platform without Palantir. <\/p>\n<p>Analysts say the question is not whether the NHS can manage its data effectively, but whether it needs Palantir to do so.<\/p>\n<p>\u201cPalantir\u2019s political leanings, expressed in their rhetoric, make them a potential security risk,\u201d Boiten said.<\/p>\n<p>One less-talked-about risk is the possible aggregation of data.<\/p>\n<p>Palantir\u2019s Foundry platform underpins contracts across at least 10 UK government departments, but the company rejects any assertion that it can aggregate these data sets.<\/p>\n<p>\u201cEach customer engagement with Palantir is contractually, operationally and technically distinct and walled off,\u201d said Carlson from Palantir. He added that the company \u201cdoes not transfer data among our customers for our own purposes\u201d.<\/p>\n<p>\u201cMoreover,\u201d he said, \u201cit would be illegal for the government to share data in this way unless there are specific data-sharing agreements in place between the different government departments in question.\u201d<\/p>\n<p>Two senior Ministry of Defence systems engineers warned The Nerve in March that by aggregating data across different government datasets, Palantir could generate top-secret information from entirely unclassified sources.<\/p>\n<p>For Sarah Simms, senior policy officer at Privacy International, such a risk and precedent have already been established by the company\u2019s actions abroad.<\/p>\n<p>\u201cTrust is essential to delivering healthcare and the NHS,\u201d she said. \u201cPeople should be able to trust that their data is being handled securely and ethically. And if it isn\u2019t, well, that could have a devastating impact on healthcare for everyone.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"London, United Kingdom \u2013 Trust, once lost, is hard to claw back. For Palantir Technologies, a leading defence&hellip;\n","protected":false},"author":2,"featured_media":34313,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[7585,1877,252,96,18,5,6],"class_list":{"0":"post-34312","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-uk","8":"tag-business-and-economy","9":"tag-cybersecurity","10":"tag-europe","11":"tag-health","12":"tag-news","13":"tag-uk","14":"tag-united-kingdom"},"share_on_mastodon":{"url":"https:\/\/pubeurope.com\/@UnitedKingdom\/116560444920974611","error":""},"_links":{"self":[{"href":"https:\/\/www.europesays.com\/britain\/wp-json\/wp\/v2\/posts\/34312","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.europesays.com\/britain\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.europesays.com\/britain\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/britain\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/britain\/wp-json\/wp\/v2\/comments?post=34312"}],"version-history":[{"count":0,"href":"https:\/\/www.europesays.com\/britain\/wp-json\/wp\/v2\/posts\/34312\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/britain\/wp-json\/wp\/v2\/media\/34313"}],"wp:attachment":[{"href":"https:\/\/www.europesays.com\/britain\/wp-json\/wp\/v2\/media?parent=34312"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.europesays.com\/britain\/wp-json\/wp\/v2\/categories?post=34312"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.europesays.com\/britain\/wp-json\/wp\/v2\/tags?post=34312"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}