Duncan McCann: The dangers from Palantir’s UK data grab are already here

The dangers from Palantir’s reckless UK data grab are no longer theoretical – they’re already happening.

Last week, the Nerve revealed that people working in the Ministry of Defence (MoD) consider the US spy-tech giant is posing “a national security threat to the UK”. A senior systems engineer told the paper that ministers are “missing the realities of data scraping, of aggregation, and the fact that Palantir is building its own rich picture of our nation that they can use for their own ends”.

The government’s assurances that “all data remains sovereign and under the ownership of the MoD” are “missing the point entirely” the source continued. By bringing together different datasets, each of which is unclassified, the firm would be able to reveal secret information, like the locations of nuclear submarines.

Palantir’s whole business is built on connecting data together. And when you connect the data that changes your thinking and how you operate in the world. In the firm’s own words: “We build software that empowers organisations to effectively integrate their data, decisions, and operations.” Just look at what they’re doing in the US, where they’re using health data to target people for ICE.

And here in the UK, Palantir is processing all our health data already. When the Tories handed the firm the £330m contract for the Federated Data Platform, the health secretary promised that “safety and security of patient data” would be “front and centre”. And NHS England insisted – in terms strikingly similar to the MoD – that “All data within the platform is under the control of the NHS and will only be used for direct care and planning.”

Even before the contract was awarded, we were warning that it’s “not hard to piece together anonymous information”. And privacy campaigners said that Palantir “threaten personal privacy”, raised the risk that the spy-tech firm could “abuse information”, and called for further safeguards around how “people’s data is handled and protected”.

And how’s that going? Last week Health Services Journal revealed that almost a third of the NHS trusts using Palantir’s platform “were not meeting minimum data security standards”. And it’s not as if the NHS has a track record of keeping our data secure. The Guardian found that researchers using UK Biobank – the NHS’s trusted data partner that holds the medical records of 500,000 volunteers – have posted confidential health data online “dozens of times”.

Instead of following best practice and empowering the NHS to build the data systems we all need, ministers have fallen for Palantir’s pitch hook, line and sinker. As the spy-tech firm spreads its tentacles into the MoD, the police and across government, Wes Streeting has handed our personal health histories to a system that’s run by a company built from connecting data for military intelligence. The result isn’t better healthcare – it’s a permanent loss of digital control.

• Duncan McCann is tech & data lead at Good Law Project.