Over a year ago, the English NHS contracted US-based “spy-tech” firm Palantir to build a national database in response to the Covid-19 pandemic. The NHS failed to produce details on data releases from the platform for a full 18 months.
Watchdogs have placed scrutiny on the English healthcare system for lack of transparency around the project. This is mainly because, alongside Palantir, it includes cloud giants Google, AWS, and Microsoft.
This August, Dr. Nicola Byrne, National Data Guardian for health and social care, published the 2020-2021 annual report (see page nine for discussion relating to Palantir). In it, she explained that the NHS had committed to issuing a full register of releases of data from the privately-run database.
The contract originally stipulated that Palantir would run the database for the duration of the pandemic. However, in December 2020, the UK Government signed a deal to allow the company control for two years without oversight or competition.
Following a campaign for judicial review in March 2020, it was agreed that the scope of the database would not be expanded beyond Covid-19 without notifying the public.
The NHS has since released an admittedly thorough full register. It details who requested data, the legal basis for dissemination consistent with the GDPR, and more.
Skepticism Toward the Seeing Stone
Palantir has been responsible for creating custom solutions for digital profiling for agencies like the CIA and ICE. An aura of suspicion surrounds the duration of the firm’s contract with the NHS.
In discussion with The Register, members of NHS technical teams said they see little to no functionality in the Palantir solutions. At least not such that couldn’t be achieved with open-source data storage and analytical tools.
When the NHS finally released the register, some parties tempered their concerns. Although the system doesn’t pseudonymize all data, as many hoped.
Agencies use the information to identify infection hotspots and for other needs related to the pandemic. Looking at the register, it appears that is largely the case. However, a lack of transparency still exists in other areas. Chiefly, data requests have been denied with little to no reasoning given.
Access control is necessary, seeing as this is a specialized, and not a publicly available database. However, Palantir grants access at its discretion. This has caused some further concern. The release of the register is a positive step, but the NHS will need to do more going forward.