This article originally appeared in Computing 9th June 2020

A data deal signed between the NHS and the US technology firm Palantir granted the controversial American data-mining company access to sensitive personal data of hundreds of thousands of patients, employees and members of the public.

The revelation came last week after the government finally released details of multiple data deals it had signed with Palantir, Microsoft, Google, and UK-based AI firm Faculty earlier this year.

The government published the details of contracts [pdf] after the campaigning website openDemocracy and law firm Foxglove threatened to take legal action against the NHS for withholding the information.

As part of the government contracts, Faculty and Palantir were granted certain intellectual property (IP) rights, openDemocracy said. The technology firms were allowed to train their algorithms and to make profit off their access to the NHS data.

The data shared with those firms includes personal contact details, race, occupation, gender, physical and mental health conditions, religious and political affiliation and past criminal offences.

While the government now claims that the contracts had been modified to address those issues, the new contracts have yet to be released by the government, according to openDemocracy.

The Faculty contract reveals that the NHS is paying over £1 million to the firm to provide AI services. Palantir, on the other hand, charged just £1 for use of its Foundry data management software by the NHS. The company is known for its surveillance work with US law enforcement and immigration services. Foundry played a part in the Brexit Vote Leave campaign.

Earlier in March, the NHS announced that it was working on the Covid-19Data Store project that would collate data from multiple health and social care organisations to “provide a single source of truth” about the outbreak.

openDemocracy raised doubts over the NHS deals at that time, pointing at the track record of tech firms and the British governments lack of transparency around a contract of this size.

Several MPs asked questions in parliament about the deals with private companies, and over 13,000 people also joined a call for transparency on those contracts.

While announcing the Data Store project, the NHS said that the data collected “will only be used for Covid-19” and that “only relevant information will be collected.”

The health agency also stated that all the data collected will either be destroyed or returned in line with the law once the public health emergency situation has ended.