Palantir's NHS Data Deal: What 'Unlimited Access' Actually Means

The UK's National Health Service has handed Palantir—the Peter Thiel-founded data analytics firm with deep ties to US intelligence agencies—a contract to build and run the Federated Data Platform, a centralized system designed to unify NHS patient records across England. Critics are calling it one of the most consequential and least-scrutinized data deals in British history.-s[1]-✦✦✦✦✦✦

What the Contract Actually Covers

The £330 million, seven-year contract gives Palantir the role of primary contractor for the NHS Federated Data Platform (FDP). The system is intended to help hospitals manage waiting lists, supply chains, and patient flow more efficiently. But the scope of data involved is vast:

• Millions of patient records spanning diagnoses, treatments, prescriptions, and mental health information
• Data from NHS trusts across England, aggregated into a single operational platform
• The infrastructure is designed to be expanded over time, meaning Palantir's footprint could grow well beyond the initial use cases

The phrase "unlimited access" comes from concerns raised by privacy advocates and legal analysts who argue the contract language does not place sufficiently clear restrictions on how Palantir can use, analyze, or sublicense the data it processes.

Why Palantir Is a Lightning Rod

Palantir is not a neutral tech vendor. The company was co-founded with seed funding from the CIA's venture arm In-Q-Tel, and its core business has long involved building surveillance and targeting systems for US military and intelligence agencies. Its software has been used in:

• ICE immigration enforcement operations in the United States
• Predictive policing programs criticized for racial bias
• Battlefield data analysis for NATO and allied militaries

For privacy campaigners, handing this company the keys to NHS data isn't just a procurement decision—it's a geopolitical one. The concern isn't only about Palantir misusing data today, but about what a future US administration, a corporate acquisition, or a change in Palantir's business direction could mean for British patients who never consented to their records leaving the public sphere.

The Consent and Oversight Gap

The NHS has a troubled history with patient data deals. The 2021 GP data grab was paused after public backlash. DeepMind's 2015 data-sharing arrangement with the Royal Free NHS Trust was later ruled unlawful by the Information Commissioner's Office.

With Palantir, the core issues are:

• No meaningful opt-out for patients whose data flows into the FDP
• Limited parliamentary scrutiny of the contract terms before signing
• Opacity around data governance—who audits Palantir's access, and how often?
• The contract was awarded without a full Data Protection Impact Assessment being published

NHS England insists patient data is anonymized and that Palantir cannot use it for commercial purposes beyond the contract. Palantir has made similar assurances. But independent legal experts have noted that the contractual safeguards are less robust than the public statements suggest.

What Comes Next

Several civil society organizations, including Foxglove and openDemocracy, have been pushing for full contract disclosure and a genuine opt-out mechanism for patients. The UK's Information Commissioner's Office has signaled it is monitoring the situation.

For now, the deal is live. Palantir is embedded in NHS infrastructure. The debate isn't about whether it should have happened—it has. The real question is whether democratic oversight can catch up to a contract that moved faster than public accountability ever could.

If you're an NHS patient in England, your health data is almost certainly part of this system. You were not asked.