In the modern age of predetermined ‘For You’ pages and perpetual ‘Cookies’ requests, it has become difficult to know who has access to our data and what they are using it for. In most cases, we don’t even notice, or care. But when the data becomes something we would rather not share, our privacy can be jeopardised.
Few categories are more sensitive than health data. So, when Palantir, a multi-billion company under ever growing public scrutiny, is involved, concerns are reasonably raised about the safety of our most intimate and personal data.
In practice, Palantir is a data-driven defence contractor, whose systems are used by ICE, The IDF and wider CIA intelligence. According to the company itself, however, they are a software company, refusing to be called a ‘data company. In 2020, they issued a blog series titled ‘Palantir is Not a Data Company’, which wasn’t effective as they had to release a second edition; ’Palantir is Still Not a Data Company’, in 2025.
In the aforementioned blog posts the justifying argument is that the company never owns, or has autonomous control over any data it works with. It takes messy, and compartmentalised data, and organises it to enable analysis.
Although most of their work is in defence, analysing military intel and data, other avenues such as national health systems, like the NHS, are perfect.
As such, Palantir provided emergency software to the NHS during COVID-19. This secured a foothold leading to a Palantir-led consortium in 2023, which resulted in the ongoing contract. This contract entails the building and maintenance of a public health service, allowing for simple usage of health data, making queries effective under pressured time constraints.
But, how can data be controlled and modified but not owned? The issue is deeply un-intuitive.
In reality, data systems operators use Federated data platforms (FDP’s). These are ways of retrieving data that rely on authorised requests. The system works like this; a query is made, for example an NHS nurse searches the system for a patient’s health record, the system first checks her access permissions and, using an encrypted secure pipeline, searches the messy system and returns a clear data set of the patient’s history.
The whole secure request and data retrieval is also logged and recorded to prevent breaches, or the system provider dipping into the data. This importantly means that the data remains in its original location under NHS ownership and is only organised on demand.
In the publicly available NHS FDP contract, it is clearly stated that all public health data is under NHS ownership. External providers such as Palantir have no ability to commercialise or make any other use of the data. Importantly, this prevents the use of data for AI or machine learning purposes. However, this is worryingly not impossible.
Although the NHS insists that the safety measures are sufficient, big questions still remain. To what extent do we trust Palantir not to breach UK law? Is it worth the risking public health data? Do we actually want to finance such companies with public funds ?
Today, the moral weight of such ties cannot be ignored.
“Palantir Keychains at Super Happy Dev House” by Tech.Co (formerly Tech Cocktail) is licensed under CC BY-SA 2.0.