All About Cookies is an independent, advertising-supported website. Some of the offers that appear on this site are from third-party advertisers from which All About Cookies receives compensation. This compensation may impact how and where products appear on this site (including, for example, the order in which they appear).
All About Cookies does not include all financial or credit offers that might be available to consumers nor do we include all companies or all available products. Information is accurate as of the publishing date and has not been provided or endorsed by the advertiser.
The All About Cookies editorial team strives to provide accurate, in-depth information and reviews to help you, our reader, make online privacy decisions with confidence. Here's what you can expect from us:
Every time you see a doctor, you share information you wouldn't tell most people. Your diagnoses, your medications, your mental health…You share it because you have to, and because the National Health Service (NHS) has always felt like a safe place to do it.
This week, it got harder to feel that way.
NHS England has granted staff from a U.S. spy-tech company, Palantir Technologies, access to identifiable patient data before anonymization, according to a recently leaked document:
“The public will be rightfully concerned that data privacy is not the first concern,” Martin Wrigley, a Liberal Democrat of the House of Commons technology committee, said of the leaked note. “This somewhat cavalier attitude to data security demonstrated how this whole project does not have security by design at its heart.”
Palantir holds a £330 million contract to run a data-sharing system called the Federated Data Platform (FDP), which connects information from hospitals, general practitioner surgeries, and NHS organizations across England.
Under the previous 2023 contract, Palantir staff had to apply to access specific pseudonymized data sets. Now, certain staff get an "admin" role with, in the NHS's own words, "unlimited access" to patient data before it’s anonymized.
According to the Financial Times, the NHS says it has strict safeguards in place and that all external access requires government security clearance. But its own internal briefing note that was leaked acknowledged the change could create a "risk of loss of public confidence."
Palantir is an American data company founded with backing from the CIA. It builds software that enables governments and agencies to search large volumes of data to identify patterns and targets.
Palantir has two main products: the Gotham and Foundry platforms. While they share the same underlying technology, Gotham is the platform used predominantly among intelligence agencies, while Foundry operates in civilian-facing organizations. Foundry is the platform currently used by the NHS — they call it the “Federated Data Platform” (FDP).
In the United States, Palantir has spent over a decade building surveillance tools for immigration enforcement:
Immigration enforcement isn’t the only thing Palantir is involved in. In April 2026, Palantir's CEO, Alexander C. Karp published a book, The Technological Republic, which they briefly summarized on X, calling for AI weapons and compulsory universal military service. Former employees wrote an open letter condemning the company's direction.
Your health records contain personal information you might not have told your closest family members. A mental health diagnosis. A sensitive test result. A prescription you'd rather keep private. When you share that information with the NHS, you're not consenting to it being accessible to a private U.S. company with defense contracts.
On top of that, nobody outside NHS England can independently verify whether the promises being made are being kept.
According to an investigation done by The Nerve’s Carole Cadwalladr, Palantir holds 34 contracts across at least 10 U.K government departments, including:
The tenth, of course, is the NHS itself.
That’s the same company, the same technology, increasingly woven into British public services, with very little public visibility into how it all connects.
In March 2026, nearly a third of FDP trusts using the platform were found to be failing basic data security standards.
The honest answer? Not much.
The NHS made this decision without asking you, and there's no way to retroactively remove your records from a system you never opted into.
That said, there are a few things worth doing:
You shared your health records with the NHS. The NHS (without telling you) gave Palantir, a U.S. defense contractor, access to them. That contractor has a long record of building government surveillance tools, and we only found out because someone leaked a document.
In a recent All About Cookies survey, 69% of people said they're concerned about how much data the government can access about them, while 60% said there's something in their digital footprint they don't want others to find.
Regardless of whether Palantir is doing anything wrong with your data, the situation raises a question worth sitting with: Who decided this was acceptable, and why didn't they think you needed to know?
Top-rated data removal service that scrubs your info from 420+ data broker sites automatically
Independently verified by Deloitte, meaning removals are actually sent, confirmed, and not just claimed
The Unlimited plan extends coverage to 2,000+ additional sites with human-assisted custom removals
/images/2023/05/18/deleteme_review-1.jpg)
/images/2023/06/09/aura-review.png)
/images/2026/05/13/national_health_service_logo_on_blue_background.jpg){kind=logo}
/images/2026/05/12/hacker_in_data_security_concept._hacker_using_laptop._hacking_the_inte_q9rPpHH.jpg)
/images/2026/05/08/new-utah-age-verification-law-header.png)
/images/2026/05/05/surveillance-pricing.png)
/images/2026/05/04/uk-age-verification.png)
/images/2026/01/21/privacyhawk_review.jpg)
/authors/thomas-kent-headshot-cropped.png){kind=small}
/authors/kate-quinlan-new.jpg){kind=small}
/images/2025/09/11/incogni-logo.png){kind=logo}
