NHS England’s Federated Data Platform, run primarily by controversial US military contractor Palantir, would give a future UK government the ability to use patients’ healthcare data to unleash unprecedented mass surveillance, experts and technologists have warned openDemocracy.
“We have already seen in the US how Palantir’s reach into so many different areas of government has allowed it to build a system that provides detailed profiles of people to enable ICE raids,” said Duncan McCann of the Good Law Project, referring to how President Donald Trump’s mass deportation programme has used Palantir’s tools. “The exact same thing is being enabled by the integration of Palantir into the UK public sector.”
This risk is only exacerbated by the fact that nearly three years after Palantir was awarded the £330m contract to run the FDP, it remains unclear what patient data it gathers, on what basis and to what end. Despite this, 69% of regional NHS Trusts have already adopted the platform, which provides the health service with a new operating system intended to link up otherwise unconnected databases and disparate software across different NHS services and regions.
This lack of clarity was laid bare this week, when the UK’s cross-party Science, Innovation and Technology Committee urged the government to break the NHS’s contract with Palantir. Its report contained a stark recommendation to the government: reveal “the exact nature of Palantir’s access to identifiable and non-identifiable patient data, on what statutory basis this was authorised, when, and by whom.”
McCann and the Good Law Project are part of an unusually wide coalition demanding the UK cut ties with Palantir, but technologists who have worked closely on the FDP warn that the genie is now out of the bottle; kicking the US giant out of the NHS may not be enough to solve the data privacy problems its Federated Data Platform has created.
“You know you could pull Palantir out,” Tom Bartlett, an NHS technologist who worked on the FDP and has spoken publicly in favour of the project, told openDemocracy. “But the danger remains."
“You still might get a government that says, ‘We need to have the data from the NHS and the data from the Home Office connected, and we want to use it for the purpose of denying people healthcare or deporting people or whatever’.”
Coalition of Resistance
To understand how deeply Palantir is enmeshed in the UK’s public sector, consider the coalition opposed to it.
NHS data analysts and chief data and analytical officers have spoken out against the FDP. The British Medical Association, a union representing doctors and medical students, has urged GPs to reject it. The Greater Manchester Integrated Care Board, which oversees NHS services for 2.8 million people, has refused to sign up to the platform, claiming outstanding security risks haven’t been addressed, and that it has better technology in-house.
It’s not just the NHS, either. London’s mayor has blocked a £50m Palantir contract with the Metropolitan Police, arguing that it was improperly awarded. The housing ministry replaced a Palantir system to match British hosts with Ukrainian refugees with its own technology. In Coventry, local politicians and unions are protesting the renewal of a £750,000 Palantir contract with the council’s children’s services department. Financial Conduct Authority employees are seeking to orchestrate a cross-union campaign against a 12-week trial contract with Palantir that they fear could expose the UK’s sensitive financial data to US law enforcement authorities.
“Our pilot with Palantir allows the Met for the first time to bring together data it already lawfully holds in one place to identify potential standards, welfare or cultural concerns,” said a spokesperson for The Met over email. “It also allows us to identify early issues so we can act more fairly and consistently, ensuring officers receive support or face appropriate action before problems escalate.” In April, Met officers expressed outrage at the “intrusive” use of Palantir’s technology to assess them for misconduct.
The police can already request information from the NHS if it meets a policing need, such as a homicide investigation or tracing missing persons.
The Financial Conduct Authority’s contract with Palantir involves testing an AI search tool for its data. “The data used in the trial will be fully encrypted and under our control,” wrote a spokesperson for the regulator over email. “No-one is able to access the unencrypted data without our authorisation.”
Coventry City Council did not respond to questions about its Palantir contract.
What exactly does Palantir do?
Palantir’s CEO, Alex Karp, once described its role as “the finding of hidden things”.
He co-founded the company with $2 million from the venture capital arm of the CIA in the early 2000s, when the failure to prevent 9/11 was being debated across Washington and Silicon Valley. It was suspected, and would be confirmed by the public report a year later, that the CIA, the FBI, and the National Security Agency had separately held the data required to have foreseen the terror attacks, but had “failed to connect the dots”.
That finding has since been the basis of much of Palantir’s success. It argues that governments, militaries, law enforcement authorities and businesses already have much of the data they need to make decisions, but that it is not readily available in the forms needed.
Palantir, it tells them, is the solution.
“The actual thing that’s difficult is organising all your data together,” Alex Bores, a member of the New York State Assembly and a former Palantir employee turned critic, told The New York Times. “That requires hard work, and there’s no magic to do that yet. The software, plus engineers going on site and doing a lot of that hard work to do the manual hookups, was always going to be the true source of value.”
Databasing the Nation
In the NHS, Palantir’s work involves organising, hooking up, and streamlining vast troves of patient data currently scattered across, by one count, 44,000 healthcare IT systems in 26,000 organisations. “The fragmentation is absolutely massive,” said Bartlett, who helped build the FDP. “There's all this information, and it's all sat in different pockets.”
Palantir’s solution has two layers. Bartlett describes one layer as an “operating system” analogous to the software that runs your iPhone, which will allow NHS Trusts and third-party developers to create applications (or what Palantir calls “products”) that allow for efficiency gains. An ambulance crew, for example, could input information about an accident victim to a product that would pass it onto the hospital, so that “the A&E department could prepare, rather than being sort of hit in the face” with information when the ambulance arrives, he said.
Yet, much like how your iPhone decisively locks you into the ecosystem of Apple products, running this system efficiently requires as much of the NHS as possible to sign on to the Palantir system – something experts call “vendor lock-in” – and to draw on a staggering library of data held across the health service.
The FDP’s public documentation reveals that the platform is already in the process of ingesting several hundred databases, covering a vast array of variables that include mental healthcare contact activity, mortality, flu vaccination status, covid vaccination status, emergency services data, race and ethnicity, aggregated data for persons held in secure mental health facilities in adult prisons and immigration removal centres, and much more.
As the cross-party committee of MPs noted in their report last week, there is little clarity around exactly what data will make it into the FDP, and how it will be accessed. The debate around patient data held by GP practices offers a useful illustration.
Back in 2023, the then secretary of state for health and social care, Victoria Atkins, told the House of Commons: “No new data will be collected, and GP data will not be part of the national platform.” However, an NHS FAQ page last updated in April 2026 admits that “some of the data” in the FDP “may have been sourced from GP records”, and GP data lawfully shared with NHS trusts that use the FDP could end up on the platform.
More worryingly, the FDP uses all this data to create detailed profiles of individual patients that it calls the ‘Person Ontology’. To quote from an NHS Data Protection Impact Assessment: “The Person Ontology serves as the single source of the truth for pseudonymised patient level datasets”.
Elsewhere, the document says that “the Person Ontology currently holds activity data for citizens in different care settings”, explaining that the platform assigns individual patients a unique ID that can be cross-referenced across multiple databases.
The NHS says that as the data held in the FDP is pseudonymised, it does not directly identify individuals. But pseudonymisation, as has been pointed out by the Information Commissioner’s Office, the UK’s data protection watchdog, is a reversible process. “Take care not to confuse pseudonymisation with anonymisation,” the ICO warns.
A person’s healthcare data is their “most intimate information,” said a spokesperson and legal officer at Privacy International, a UK-based charity focusing on technology and rights. “We’re talking about the breadth of the data, how personal it is, and the severity of what could be done with it if it were to land in the wrong hands.”
Big Data Means Big Brother
Consolidating so much data brings very real risks of surveillance, say those familiar with the platform, particularly since Palantir also holds contracts with police forces in the UK. In principle, all that’s stopping the Home Office from accessing NHS data are legal safeguards that can be reversed.
Here in the UK, Palantir UK CEO Louis Mosley has said that if Nigel Farage’s Reform comes into power, the company will follow the party’s professed directives to use NHS data to target individuals based on their immigration status.
Such a scenario played out in the US when Trump first became president in 2016, as Bores, the former Palantir employee, told The New York Times.
“Palantir had signed a contract with a department within ICE called HSI, Homeland Security Investigations. During the Obama administration, it was focused on anti-human trafficking, anti-drug trafficking, sometimes counterfeiting,” Bores said. “Then, when Trump comes in in 2017, they try to change the nature of that work. They try to get another part of ICE called ERO, Enforcement and Removal Operations – the part that everyone thinks of as ICE – to get access to the software and to use it for deportations.”
In the US, Palantir already uses data from the Department of Health and Human Services to track people targeted for deportation by ICE. Here in the UK, junior doctor Rhiannon Mihranian Osborne, who is organising against Palantir in the NHS with health justice organisation Medact, described what she said was a disturbing pattern: “Reform’s policy ‘Operation Restoring Justice’ wants to create a powerful immigration surveillance system by mining data from health, police and financial databases. Louis Mosley said his company would comply with this.
“Palantir's police contracts in the UK include collating highly sensitive information on victims of crime, including sexual orientation and trade union membership. The home secretary says she wants to create a panopticon of state surveillance. The synergy between Palantir and governments who use data to abuse human rights is deeply alarming, and a sign of what could be coming in the UK.”
This is a real risk, conceded Bartlett. “Let's take [a] Reform government and the immigration question coming in, I do worry about that scenario,” he said – but he questioned whether that means the NHS doesn’t need a Federated Data Platform. “So is the answer to that bad scenario playing out to keep the data in such a bad state that nobody could ever use it at all for good or bad?”
Palantir, NHS England, the Cabinet Office, the Department of Health and Social Care and The Reform Party did not respond to requests for comment.
Critics of the FDP, however, have pushed back against what they see as a narrative that the NHS’s systems are so hopelessly complex and tangled that the only way to solve them is with a mass surveillance tool built by Palantir.
“There’s no magic here,” Sam Smith, a technologist with patient rights organisation medConfidential, said of the FDP. “It’s not like Palantir is doing anything that other people can’t do… They’re just doing the thing because they have the mythos that they can do the thing.”
Andrew Holway, the founder of UK-based medical software startup Darwinist, told the cross-party committee that “the primary barrier to NHS innovation” is mega contracts with companies such as Palantir. These, he said, hold the NHS “hostage, preventing the implementation of modern productivity tools that could save tens of billions of pounds”.
Some in the NHS have also questioned whether the service has tried different approaches that are less intrusive and data-centric. The NHS Greater Manchester Integrated Care Board, for instance, uses its own Analytics and Data Science Platform because it believes it offers better technology and access to better data.
“Public trust isn’t a side issue for the Federated Data Platform,” wrote Matt Hennessey, the chief data and analytics officer at Manchester Integrated Care Board, in a post on LinkedIn. He outlined the “effect that ethical concern, moral unease or perceived opacity has on trust–and, in turn, on participation."
The platform’s “main problem is that it isn’t clear what it actually is,” he wrote. “Where trust is eroded, people disengage, patients opt out, and clinicians become cautious about involvement.”
Ultimately, as Osborne said, “any NHS data system must be built on public trust, buy-in from staff, and most importantly, protection from abuse by private corporations and governments themselves”.
