Campaign groups are seeking a judicial review of the UK government's decision to award a £23m NHS contract to controversial AI company Palantir.
Separate investigations show Palantir had been in discussions with the NHS about exploiting the health data of UK citizens since the middle of 2019, well before the pandemic.
In December last year, the NHS signed a two-year contract with Palantir, without scrutiny, even though the engagement with the UK health service was originally supposed to be a temporary, emergency measure to help address the COVID-19 pandemic. The new deal commits to using Palantir's Foundry platform until December 2022.
NHS awards £23m two-year deal to controversial Peter Thiel AI firm PalantirREAD MORE
News website openDemocracy, backed by tech campaign group Foxglove, has this week filed for a judicial review of that data deal between NHS and Palantir, the US AI firm that carries out information analysis and processing work for the defence and intelligence communities, often creating bespoke solutions such as digital-profiling tools for organisations including the CIA and ICE. The company was founded by prominent Trump financier and PayPal investor Peter Thiel.
In March last year, when the NHS announced a COVID data store project, working with Microsoft, Google, Palantir and Faculty – another controversial AI firm – it emphasised it was temporary. The original blog, since taken offline but archived here, said: "All NHS data in the store will remain under NHS England and NHS Improvement's control. Once the public health emergency situation has ended, data will either be destroyed or returned in line with the law and the strict contractual agreements that are in place between the NHS and partners."
openDemocracy's judicial review argues that the December contract represents such a change – it sweeps in issues unrelated to the pandemic – that it warrants public consultation under British data protection law.
The Palantir contract shows the deal covers many issues unrelated to the pandemic, such as Brexit and general business planning. At the same time, UK government had also completely redacted the list of health data sources fed into the Palantir datastore, the campaign groups said.
The change in the contract should therefore require public consultation. A "data protection impact assessment" (DPIA) should also consider whether handling sensitive health data on a national scale is fair and lawful. No such exercise has been carried out for the Palantir deal.
Ming Tang is the national director for data and analytics at NHS England and NHS Improvement. In her blog justifying the December contract, she said the services needed to "continue to improve the way that data is managed and used by the system while maintaining high standards of public trust and promoting transparency."
A separate report by the Bureau of Investigative Journalism (BIJ) said that Palantir's charm offensive to sell its services to NHS chiefs began back in the summer of 2019. It reported that emails between Palantir and NHS chiefs show the company discussed how it could work with patient data from the second half of 2019, well before the pandemic hit.
Palantir's UK boss, Louis Mosley, hosted a meal attended by David Prior, chair of NHS England, on 2 July 2019. Over watermelon cocktails, the party discussed potential future uses of the NHS's data. The next afternoon, Mosley emailed Prior, thanking him for "chairing" the dinner, according to the Bureau report based on a "trove" of documents obtains via the Freedom of Information Act.
By January 2020, Palantir's London team was already working on a product "exclusively focused" on the UK's healthcare market, the report said.
Later that month, Mosley wrote to Prior to offer a demonstration of Palantir's software and an introduction to CEO Alex Karp. In his reply, Prior copied in Matthew Gould, chief of the newly created NHSX.
The heavily redacted documents show Palantir also engaged officials at the Department for International Trade (DIT). By January 2020, officials at DIT were looking at ways to "support [Palantir's] growth in the UK" including "help with recruitment, identifying real estate for expansion [and] planning for visas."
Revealed: NHS England bosses meet with tech and pharmaceutical giants to discuss price list of millions of Brits' medical dataREAD MORE
The DIT told BIJ it has ensured all necessary due diligence was undertaken in the dealings.
According to the BIJ, talks between Palantir and NHS leaders were ongoing during NHS Health and Care Data Day, held in October 2019. As exclusively revealed by The Register, the event included Prior, Gould, and officials from other parts of the NHS and Genomics England, as well as representatives of AstraZeneca, Microsoft, and Amazon.
They discussed creating "an extraordinary and internationally unique resource", a "single, national, standardised, event-based longitudinal record for 65 million citizens". The leaked slides, seen by us, proposed that data sources from GPs, hospitals, community and social care be "curated" into a "national data model", the object being to "make the UK a world leader in data-driven research and innovation".
Earlier this month, the government launched its White Paper describing plans for integration and innovation in the NHS. It says that the COVID-19 pandemic response has shown new ways to "deliver care using innovative and creative solutions, exploiting the potential of digital and data, instead of needless bureaucracy". The reforms discuss improved data collection and sharing across the NHS.
It may be true that data collection and analytics can improve healthcare. But that does not explain the need to redact large parts of public contracts. Or why it took the threat of a court case to publish Palantir's earlier contract with the NHS. Nor does it explain why a judicial review might be necessary to get oversight of the latest contract.
Such moves that lack transparency do little to allay concerns of those who say the NHS is opening up the crown jewels of health data to be used for profit by private-sector firms.
Meanwhile, the person responsible for overseeing the deals, Health Secretary Matt Hancock, has been found to have acted unlawfully in failing to disclose contracts signed during the pandemic in a timely fashion. It doesn't exactly inspire confidence.
The Department of Health and Social Care has been contacted for comment, though the NHS told Sky News: "The company is an accredited supplier to the UK public sector, the NHS completed a Data Protection Impact Assessment in April 2020, and an update will be published in due course." ®