Hours before facing court proceedings from openDemocracy over its massive NHS COVID-19 data deal with private tech firms, the UK government has caved to pressure and released all the contracts governing its deals with Amazon, Microsoft, Google, and controversial AI firms Faculty and Palantir.

The contracts, released to openDemocracy and tech justice firm Foxglove today, reveal details of what has been described as an ‘unprecedented’ transfer of personal health information of millions of NHS users to these private tech firms. 

Significantly, the contracts reveal that the Dominic Cummings-linked firm Faculty is being paid more than £1m to provide AI services for the NHS. The documents also show that terms of that deal were changed after initial demands for transparency were made under the Freedom of Information Act. 

The contracts show that companies involved in the NHS datastore project, including Faculty and Palantir, were originally granted intellectual property rights (including the creation of databases), and were allowed to train their models and profit off their unprecedented access to NHS data. 

Government lawyers have now claimed that a subsequent (undisclosed) amendment to the contract with Faculty has cured this problem, however they have not released the further contract. openDemocracy and Foxglove are demanding its immediate release. It is not clear if other contracts were altered as well.

The disclosures come after openDemocracy and Foxglove sent legal letters demanding transparency over the COVID datastore deal, and just hours before openDemocracy was due to issue proceedings in court. 

Over the past few weeks, MPs have asked questions in parliament about the controversial deals and over 14,000 people joined a call for transparency. 

Today, openDemocracy is publishing the contracts in full, in order to facilitate expert analysis and support public debate.

View Google NHS agreements (PDF, 0.7 MB)

View Faculty NHS agreements (PDF, 0.9 MB)

View Palantir NHS agreements (PDF, 11.6 MB)

View Microsoft NHS agreements (PDF, 1.5 MB)

In March, an NHS blog announced the COVID-19 datastore project – intended, it said, to provide a “single source of truth” about the epidemic, in order to stem its spread. 

At the time, the NHS stressed that “essential data governance procedures and established principles of openness and transparency remain at the core of everything we do”; that the data collected “will only be used for COVID-19”; and that “only relevant information will be collected.” 

It also said that “once the public health emergency situation has ended, data will either be destroyed or returned in line with the law and the strict contractual agreements that are in place between the NHS and partners”.

However concerns were raised about both the secrecy around the deals, and the track record of some of the companies involved. 

Palantir, founded by Silicon Valley billionaire and close Trump ally Peter Thiel, is a data-mining firm best known for supporting the CIA’s counterinsurgency and intelligence operations in Iraq and Afghanistan. 

In 2019 it was criticised for its support for US Immigration and Customs Enforcement’s brutal regime of deportations. Reporting over its extensive contracts with American police forces revealed problems with access to sensitive data, prices rising over time, and a lack of public trust in their ‘predictive policing’ products. 

Similar COVID-data contracts Palantir has won in the US are worth millions of dollars, however the film is reportedly running the new NHS contract for £1, prompting further speculation about how the firm was due to benefit from the deal.

Meanwhile Faculty, an artificial intelligence startup, is headed by Mark Warner: brother of Ben Warner who ran the data operation for the Dominic Cummings-led Vote Leave campaign. Faculty is reported to have won eight government contracts worth almost £1.6m in 18 months. They recently won a contract with the Department of Housing to mine and analyse data from “social media, utility providers and telecom bills, credit rating agencies.”

The government has not disclosed the Data Protection Impact Assessments it carried out over the NHS COVID deals, claiming it will publish these on the NHS website today. openDemocracy and Foxglove, in legal correspondence, have asked the government to specify whether this important legal compliance step was taken before the contracts were awarded – or after. 

The disclosures come amid intensifying debate about private companies’ push to profit from the coronavirus crisis. Leaked emails from outsourcing giant Serco, which is running the government’s delayed test-and-trace scheme, show CEO Rupert Soames hoping the crisis would “cement... the position of the private sector companies in the public sector supply chain.” 

If you think that public interest journalism should continue demanding transparency during the COVID crisis and long after it, please consider supporting openDemocracy and Foxglove.