Palantir NHS Health Data: Spy Tech Company Gets Access to UK Patient Records

Palantir Technologies, a company with deep roots in intelligence and defense work, secured a contract to build the Federated Data Platform for the UK National Health Service, giving it access to health data of millions of NHS patients. The contract drew intense opposition from privacy advocates, healthcare workers, and patients who objected to a surveillance technology company handling sensitive medical records. Palantir's history includes building surveillance tools for intelligence agencies, immigration enforcement, and predictive policing systems. Critics argued the NHS contract would give Palantir access to one of the world's most comprehensive health datasets, covering 56 million people from cradle to grave. Concerns included the potential for data to be used beyond healthcare purposes, Palantir's US government relationships, and the precedent of integrating health data with a platform designed for intelligence analysis. The openDemocracy investigation revealed Palantir had been involved in NHS data projects since the COVID-19 pandemic, often through emergency procurement processes that bypassed normal scrutiny.

The ramifications of this incident extend beyond the immediate data exposure. Privacy regulators in multiple jurisdictions have opened investigations, and affected individuals are organizing collective action to demand accountability and meaningful remediation. The case highlights systemic weaknesses in how organizations handle personal data and the gap between corporate privacy promises and operational reality.

For impacted individuals, immediate action is critical. Filing a data subject access request forces the company to disclose exactly what data they hold about you, providing the foundation for deletion requests, regulatory complaints, and potential legal action. Below, we outline the specific data types at risk and the concrete steps you can take to protect yourself.