Controversial ‘Spy Tech’ Firm Palantir Lands £23m NHS Data Deal

Lambert here: That’s nice. I guess American consulting and IT firms will be doing for the UK what they have already done for the US.

By Mary Fitzgerald, openDemocracy’s Editor in Chief, and Cori Crider, a US lawyer and a founding Director of Foxglove, a new non-profit that exists to make tech fair. Originally published at OpenDemocracy.

They claimed it was a short-term, ‘emergency’ response to the COVID crisis. In March, the UK government announced a massive NHS data deal with private tech firms. Experts warned it could involve an ‘unprecedented’ transfer of citizens’ private health information to controversial private firms like Palantir: a secretive artificial intelligence outfit founded by a Trump-backing billionaire.

During months of ensuing legal correspondence, the government assured us that this ‘COVID datastore’ would be unwound at the end of the pandemic and the data destroyed. They also assured us that any extension would go out to public tender, in which taxpayers could see and debate the issues at stake.

All of that has now turned out to be false. Today we can reveal that, right as health secretary Matt Hancock was heralding the new vaccine and telling Britons life would be getting “back to normal” by Easter, his government was quietly sealing a lucrative deal with Palantir, worth up to £23 million, to run its massive health datastore for two years. The contract, awarded on 11 December, paves the way for Palantir to play a major, long-term role in the NHS beyond COVID – now, even by the government’s own admission

It’s still not clear what precisely Palantir has been given access to: the list of NHS datasets that the firm will draw on have been redacted from the contract. What is clear, though, is that the government deliberately struck this deal on the quiet – knowing it would be controversial.

Public Trust

Palantir has built software accused of fuelling racist feedback loops in the hands of the Los Angeles police, and has come under fire from its own staff over its role in the US Immigrations and Customs Enforcement (ICE) agency’s brutal policy of family separations.

Palantir says its software is being used to “provide secure, reliable, and timely processing of data – while protecting the privacy of data subjects – to enable NHS decision makers to make informed, effective, and responsible public health decisions”.

But serious questions remain about whether the firm has earned the public’s trust, and is a fit and proper partner to be handling the sensitive personal health information of millions of NHS users across England. How should, say, Black or Muslim NHS users feel about their health data going to a company with a long track record of work with the CIA, the US Department of Defense and the LA police?

We’ve been asking the government questions in letters for months. We’ve asked them, repeatedly, what the long-term plans for the datastore are. Whether the companies involved stand to profit from this crisis. And how our personal health information is being used, traded and protected. These are critical questions which affect millions of people across the country. And yet the answers we’ve received have been partial, misleading and obfuscatory.

On 11 December, suspecting they were getting ready to strike a long-term deal with Palantir and others, we wrote to the government warning that we would issue court proceedings to challenge any such move.

Under the NHS Act, common law and data protection laws, the government has to consult the public about major changes to the National Health Service. Were they planning to do so?

They also have to conduct a ‘data protection impact assessment’: to show that they are complying with a range of laws to protect citizens’ sensitive health information. Had this been done?

We also questioned whether it was appropriate to use the so-called G-Cloud framework – an accelerated system for quick-fire, minor contracts – for flagship long-term programmes. We expressly sought assurance that no permanent steps would be taken until the legal issues were resolved.

Instead of responding, the government simply pushed the deal with Palantir through, thereby avoiding having to defend themselves in court.

On top of that, they used our enquiries as an excuse to hide what they were up to; telling other journalists that they couldn’t answer their questions on the COVID-19 datastore because it was the subject of “legal action”, while pressing ahead with the deal anyway.

Secrecy and Obfuscation

This fits a long, worrying pattern of secrecy and obfuscation. Back in June, we had to threaten to sue to just force the government to publish the original contracts governing the NHS COVID data deals. More than 14,000 people across the country backed our call – but we should never have had to fight. People have a right to know how their health assets are being held, protected or traded.

They also have a right to be heard about whether a firm like Palantir is right for the NHS. Palantir’s co-founder, Peter Thiel, was not merely a major donor to the campaign of President Donald Trump: during the 2016 campaign season he chose to consult with avowed White nationalists.

When pressed, Palantir seeks to justify its support for rights abuses committed by government clients by claiming its role is not to set the direction of a democracy’s travel. This is an impoverished view of democracy, in which people periodically vote, but on all detailed questions the government governs, and contractors contract. Our organisations, openDemocracy and Foxglove, are both founded on a different idea: that democracy is a participation sport, involving constant negotiation between the governors and the governed.

openDemocracy’s journalism this year has uncovered countless ‘COVID cronyism’ scandals involving Boris Johnson’s government: massive, taxpayer-funded contracts for Tory donors, allies, or large firms without fair competition or scrutiny. Vast sums have gone to unaccountable companies to deliver a range of poorly performing COVID services, from ‘disastrous’ PPE provision to the failing Test and Trace system.

The government’s furtive conduct around the datastore once again exposes a lack of respect for the views of the citizens who fund the NHS. And it raises real concern about recently revealed plans for a radical ‘shake up’ of the NHS, currently understood to be in development under a political unit in Downing Street. What will that mean?

Healthy democracies hold their leaders accountable. The government snuck through the Palantir deal to avoid scrutiny or debate. But the result will be quite the opposite.

We’re now assessing the grounds for a more ambitious legal challenge: to establish a precedent that will stop them ever doing this again. From Freedom of Information failings to the blacklisting of journalists to the ‘chumocracy’ which has defined the chaotic, failing COVID response, the secrecy, cronyism and lack of accountability we’ve seen from the UK government this year cannot become the new normal. And we’re going to fight to make sure it isn’t.

Print Friendly, PDF & Email
This entry was posted in Health care, Politics, Privatization, UK on by .

About Lambert Strether

Readers, I have had a correspondent characterize my views as realistic cynical. Let me briefly explain them. I believe in universal programs that provide concrete material benefits, especially to the working class. Medicare for All is the prime example, but tuition-free college and a Post Office Bank also fall under this heading. So do a Jobs Guarantee and a Debt Jubilee. Clearly, neither liberal Democrats nor conservative Republicans can deliver on such programs, because the two are different flavors of neoliberalism (“Because markets”). I don’t much care about the “ism” that delivers the benefits, although whichever one does have to put common humanity first, as opposed to markets. Could be a second FDR saving capitalism, democratic socialism leashing and collaring it, or communism razing it. I don’t much care, as long as the benefits are delivered. To me, the key issue — and this is why Medicare for All is always first with me — is the tens of thousands of excess “deaths from despair,” as described by the Case-Deaton study, and other recent studies. That enormous body count makes Medicare for All, at the very least, a moral and strategic imperative. And that level of suffering and organic damage makes the concerns of identity politics — even the worthy fight to help the refugees Bush, Obama, and Clinton’s wars created — bright shiny objects by comparison. Hence my frustration with the news flow — currently in my view the swirling intersection of two, separate Shock Doctrine campaigns, one by the Administration, and the other by out-of-power liberals and their allies in the State and in the press — a news flow that constantly forces me to focus on matters that I regard as of secondary importance to the excess deaths. What kind of political economy is it that halts or even reverses the increases in life expectancy that civilized societies have achieved? I am also very hopeful that the continuing destruction of both party establishments will open the space for voices supporting programs similar to those I have listed; let’s call such voices “the left.” Volatility creates opportunity, especially if the Democrat establishment, which puts markets first and opposes all such programs, isn’t allowed to get back into the saddle. Eyes on the prize! I love the tactical level, and secretly love even the horse race, since I’ve been blogging about it daily for fourteen years, but everything I write has this perspective at the back of it.


      1. TimH

        The UK GDPR replacement is in the works… probably be 5-eyes friendly, and European Commission will moan.

        …the GDPR will be amended by statutory instrument to remove certain provisions no longer needed due to the UK’s non-membership in the EU. Thereafter, the regulation will be referred to as “UK GDPR”. The UK will not restrict the transfer of personal data to countries within the EEA under UK GDPR. However, the UK will become a third country under the EU GDPR, meaning that personal data may not be transferred to the country unless appropriate safeguards are imposed, or the European Commission performs an adequacy decision on the suitability of British data protection legislation (Chapter V). As part of the withdrawal agreement, the European Commission committed to perform an adequacy assessment.

  1. Kris Alman

    In 1974, as part of the Privacy Act, the U.S. government defined Fair Information Practice Principles (FIPPs). Although these principles are not in themselves law, they form the backbone of privacy law in the United States and the world.

    The problem is that BIG DATA undermines one of the major principles: Data Minimization.

    Governmental agencies are outsourcing this work because it requires updated secure systems. That’s why “proven” foot soldiers in the spy industry become the go-to companies.

    Does England have an equivalent of our awful HIPAA?

Comments are closed.