Medical and legal rights campaigners are warning that the Palantir data platform, designed to be at the heart of England's health system, risks enabling UK immigration and policing departments to access confidential patient information. The warning comes as one of the UK's most controversial technology contracts continues its rollout across the NHS.
The report is written by medical campaign group Medact and endorsed by legal campaigner the Good Law Project, Privacy International, Just Treatment, Corporate Watch, United Tech, Allied Workers Union, and is supported by Amnesty International. The FDP contract, awarded to Palantir for £330 million in November 2023 for seven years, could, by bringing together disparate health datasets onto a single platform run by Palantir, enable UK government departments to move sensitive information around.
The core concern centres on how data architecture decisions made today could create vulnerabilities tomorrow. The report argues there is evidence of "significant cross-department data compiling and analysis, which can be used to enable data-driven abuses of state power," and raises concerns that a current or future government could abuse the data held in the FDP by utilising the interoperability of Foundry and its ability to draw from other government datasets.
The context for these concerns is specific. Palantir is working on a tool for Immigration and Customs Enforcement (ICE) that populates a map with potential deportation targets, brings up a dossier on each person, and provides a "confidence score" on the person's current address; ICE is using it to find locations where lots of people it might detain could be based. ICE and the Centers for Medicare and Medicaid Services signed a data-sharing agreement that would allow ICE to receive the personal data of nearly 80 million Medicaid patients. This precedent shapes the anxieties expressed by campaigners in Britain.
Palantir mounted a forceful response. A spokesperson said "Palantir software is playing an important role in improving patient care, helping to deliver 100,000 additional operations, a 12 percent reduction in discharge delays, and the removal of 675,000 patients from waiting lists," adding that how the software is used is entirely under the control of the NHS with data only able to be processed in accordance with strict instructions, and that not only does the company have no intention of and no means of using the data in the way Medact suggests, to do so would be illegal and in breach of contract.
The dispute reflects a genuine tension between efficiency gains and institutional safeguards. Manchester ICB put off adopting the FDP for a second time, with the board saying in May that NHS England had not addressed its concerns around risks; an earlier report found Manchester's local capacity in data analytics "exceeds anything the FDP currently offers and that some of the capabilities we currently have actively in use are around two to three years away from being fully operational with the FDP environment."
The British Medical Association voted to lobby against the firm's involvement in the NHS at its annual representative meeting in June 2025, owing to "a lack of transparency in how the data will be stored and processed, a track record of creating discriminatory policing software in the US, and close links to a US government which shows little regard for international law." The BMA's deputy chair said "If Palantir's software is being used to target individuals in immigration enforcement and is being deployed in active conflict zones, then that's completely incompatible with the values we uphold in the delivery of care," warning that patients may choose to withhold information from their doctor if they do not trust the organisation processing their data.
NHS England says data in the Federated Data Platform remains under NHS control at all times and the supplier will not be permitted to access, use or share it for their own purposes. Yet the NHS still needs to complete a Data Protection Impact Assessment before any patient records are allowed to be processed.
Medact says the FDP is not yet mandatory and local health bodies are able to raise concerns and decline to implement it at the local level, noting that it is the view of the authors and endorsers that there are many more suitable options for data management solutions for trusts and integrated care boards. This matter will ultimately test whether safeguards written into contracts can withstand the pressures that emerge once systems become entrenched in government operations.