You could perhaps forgive me for doing a little fist pump last week after hearing that the UK government had binned a software contract with US ‘spy tech’ giant Palantir.

Perhaps now, after two legal cases initiated by openDemocracy and my tech-justice group Foxglove - and a massive campaign involving more than 50 groups - the Department for Health and Social Care (DHSC) is slowly getting the message that embedding shady tech firms in health and social care is self-defeating.

But the battle is not over. The Palantir fight, like the wider punch-up we and our allies fought over the NHS Data Grab, is a prelude to a larger struggle over the NHS’s future. Public outcry still works; but only sustained effort will protect the NHS from tech-profiteering.

Palantir hails from the dark side of US tech. Originally funded by the CIA’s venture capital arm, In-Q-Tel, Palantir’s main business for years was to offer data-science support to US military operations, mass surveillance, and predictive policing. It helped bring about family separations in the US under Donald Trump. Its chair, Peter Thiel, was a massive donor to Trump’s 2016 presidential campaign. This sort of thing is still its core business; in February, Palantir’s chief operating officer told investors that Palantir was driving towards being “inside of every missile, inside of every drone.”

How, you might ask, did a company like this get into health care?

COVID opened the door. It let the UK government put dull-but-important procurement law (which governs who gets to bid for government deals) on ice. That’s why you keep reading how those with zero track record in health – but a strong one in Conservative Party donations – piled in to profit from the NHS, for everything from testing to data.

Palantir, which had been eyeing up the NHS since at least 2019 and wooing execs over watermelon cocktails, wasted no time. It won three consecutive massive no-bid contracts to manage the largest pool of patient data in NHS history – with the price leaping in six months from £1, to £1m, to £23m.

At Foxglove, we realised that embedding Palantir in the heart of the NHS would damage trust. Palantir has distanced itself from Silicon Valley’s tech companies, by which it means it doesn’t want to sell your data – only to be paid by the government to manage it until the end of time. This doesn’t matter. How can you ask people to freely share health information into a system run by a firm that works mainly with police and spies?

So we supported openDemocracy to bring two legal actions about the data deals – forcing the secret contracts to be published, and squeezing out a (grudging) commitment not to extend the Palantir deal beyond COVID without talking to communities.

The contract DHSC has just binned isn’t for the whole COVID system – it’s apparently for a social care bolt-on. From contract documents, DHSC appears to have made an urgent decision to pivot from Palantir into a system the department will run itself.

If the future of UK health and social care depends on better data, a sustainable system needs to build up our own data science expertise, and not put us in hock to expensive consultants and tech firms.

The government will also have to earn back trust. The trust deficit is why so few of my neighbours in Brixton, south London, are vaccinated. A lack of trust also caused an uproar over this spring’s scheme to pool England’s 55 million patient records into a permanent data lake, and to give companies access. Ministers hoped, perhaps, that COVID gave them a political mandate for a data free-for-all, in which companies could be readily let in to play in NHS records. They were wrong. Well over a million people opted out of that scheme, which – again after a Foxglove-led coalition threatened legal action – has since been kicked into the long grass.

Make no mistake: Palantir is still looking to bid for health contracts in the UK. Anyone concerned about trust in the NHS should join our demand that the firm be kept well away from health care. But the debates to come will be harder. Our government plainly hopes to hop on a tech mogul’s rocket towards an ever-closer union between Big Tech and the NHS, ripping up critical data protection and procurement laws to get there. Ministers have said they want to open up England’s health data for tech firms to go prospecting for gold in. Whether their standard for ‘public benefit’ matches yours – well, that’s a question of trust.

It doesn’t have to be this way. Across the NHS, in universities and hospitals, people are forming alternative ideas to an NHS run by and for big tech companies. Broadly, they involve more transparent, locally controlled, public-spirited uses of health data. This will, of course, take a fight. But the public holds more cards than you might think. It’s politically very hard to seize people’s health records without their say-so. And when millions opt out of data-sharing, the dataset changes – it’s less useful, and less commercially valuable. If people don’t trust the government with the NHS or their health data, three-word slogans like ‘data saves lives’ won’t fill that gap. The millions who have opted out will never opt back in.

A better way is in sight if we demand it. Don’t sleep on it – you know Palantir won’t.