Imagine you’re doing something unlawful – how do you avoid getting sued? Lately, if you’re UK Prime Minister Boris Johnson’s government, it seems you try sneaking it through before anyone notices.

Unfortunately for them, it didn’t work this time. We’ve just issued a lawsuit over their £23m NHS data deal with controversial ‘spy tech’ company Palantir.

We’re taking the UK government to court because, right before Christmas, they quietly gave this CIA-backed firm a major, long-term role in handling our personal health information, and in England’s cherished National Health Service.

The government claimed the initial Palantir ‘datastore’ deal, signed last March, was a short-term, emergency response to the pandemic. But December's new, two-year contract reaches far beyond COVID: to Brexit, general business planning and much more.

And, as the Bureau of Investigative Journalism reveals today, it comes after years of Palantir lobbying top UK and NHS officials, courting them in London, San Francisco and Davos – over dinner and watermelon cocktails.

Health secretary Matt Hancock and his advisers must have known it wouldn’t look good.

Palantir is best known for powering US intelligence operations in Iraq and Afghanistan. Its founder Peter Thiel, a Trump-backing Silicon Valley billionaire, famously once wrote: “I no longer believe that freedom and democracy are compatible.” Palantir’s tech has been accused of creating ‘racist’ feedback loops in US ‘predictive policing’ software. Its own staff have criticised its role in Trump’s brutal deportations of undocumented migrants.

How does all this sit with the current drive to combat ‘vaccine hesitancy’ among Black, Asian and migrant communities in the UK? Striking quiet deals with firms like Palantir, especially with no real public dialogue, risks demolishing trust in the NHS among the very communities where the government now urgently seeks to shore up trust.

As Kailash Chand, former deputy chair of the British Medical Association, put it: “The secrecy around what the government is doing with NHS data, working with companies like Palantir, will damage what trust is left amongst ethnic communities, for migrants, and in the NHS family as a whole. It makes it difficult for people like me to convince ethnic minority people that this is being done in their best interests.”

The NHS is at a crossroads

This isn’t just about Palantir. The future of the NHS is being written now, in the latest chapter of the pandemic. The government has put us on notice that sweeping changes to our health service are on the way. They present both opportunities and grave risks.

The government has a legal duty to consult us, citizens and NHS users, before they strike massive deals which affect that future. In doing so, they need to take important steps (like conducting ‘data protection impact assessments’) to ensure our health information and our rights are protected. They haven’t done this for the Palantir datastore: that’s why we’re bringing this case.

More broadly, our elected leaders need to explain their long-term plans for our cherished NHS – enabling genuine public debate about them.

The government’s published plans for overhauling the NHS include new rules for handling the nation’s health data, and involve handing over almost all power over the NHS to Matt Hancock. By scrapping many NHS procurement rules, they open the door for big tech firms to take ever-greater slices of the NHS pie – including access to our health data for profit, and unaccountable influence over vital healthcare decisions. These are issues in which the public deserves a say.

Our NHS: worth more than a watermelon cocktail

How did we get here? Was it really, as some suggest, that the government suddenly turned to Palantir in an emergency because there was no other choice?

It seems not. As the Bureau of Investigative Journalism’s reporting reveals, Palantir has been intensively lobbying top UK and NHS officials.

On 2 July 2019, the night before the launch party of NHSX – the UK’s flagship digital health initiative – emails released through Freedom of Information show Palantir hosting the chair of NHS England, Lord David Prior, for dinner and cocktails. (Prior is a Conservative peer and former junior minister.)

Palantir’s UK chief, Louis Mosley, emailed his pitch the very next day: “I’m more convinced than ever that the UK is uniquely placed to pioneer the next generation of medical discoveries and treatments.” [The next two paragraphs of Mosley’s email are, strangely, redacted].

Prior responded just hours later to thank Mosley “for the watermelon cocktails” and added: “[redacted] If you can see ways where you could help us structure and curate our data so that it helps us deliver better care and provides a more insightful data base for medical research, do be in touch.”

The correspondence is clear. The UK government was keen to lay a path in the NHS for Palantir – undermining official claims that the Covid datastore was an emergency fix with no long-term plans in prospect.

Health data, yes – but only with public trust

There are countless ways in which trustworthy and public-spirited use of data could benefit the NHS, and all of us, in tackling disease and delivering better public health outcomes. Several important patient juries on the use of health data consistently show that people are cautiously open to data use for the right reasons: to improve care, and so long as benefits are distributed equally and fairly to all patients.

But proceeding without public trust undermines our chances of achieving any of this. It doesn’t help that, under the new Palantir contract, we have no idea what is going into the long-term datastore: for the first time, the government has completely redacted the list of health-data sources fed into it.

This approach carries echoes of the ‘care.data’ debacle from 2013 to 2016. This was another massive health data centralisation plan involving big private firms that failed because the government didn’t consult on its plans and communicated them badly – and lost public trust as a result. So many people opted out (some 1.2 million patients) that the NHS abandoned the programme.

The NHS story could go two ways. We could channel all the solidarity and goodwill – expressed not just in thousands of claps and posts but in community support groups and voluntary initiatives – to build an NHS that is well-funded, well-staffed and fit for the future. But this future is only possible if we, the public, are in the driving seat.

If our legal challenge is successful, it’ll be an important step towards making sure our NHS health data can be used only in ways the public can trust. After a year of repeated ‘COVID cronyism’ scandals and massive failures – from Serco’s disastrous mishandling of ‘test and trace’ to last week’s ruling that Hancock acted unlawfully over PPE – it’s time for a different approach.

You can support our legal challenge here