The government has committed not to extend Palantir’s £23m contract beyond Covid-19 uses without consulting the public, a law firm campaigning for transparency on government contracts has said.

US tech firm Palantir was awarded the two-year contract to continue its work on the NHS Covid-19 Data Store in December 2020 under the Crown Commercial Services G-Cloud 11 Framework, which does not require a tender to be published.

Following the contract award, Foxglove Legal and openDemocracy brought a judicial review against the government over what they labelled a “secret” deal that required greater transparency.

Foxglove and openDemocracy have today claimed the government “conceded” it would not offer Palantir a long-term role in the NHS without public consultation after receiving legal filings from the organisations.

It means Palantir will not be able to process NHS data for non-Covid purposes without consultation including public juries. Data protection impact assessments (DPIAs) will also be required for any contract extension to analyse whether it would be in compliance with data protection laws.

However, the government denied “conceding” the case. A spokesperson for NHS England said: “Actually OpenDemocracy have had to drop their court case unilaterally as it was apparent even to them that the NHS has always acted in accordance with its legal responsibilities.

“They therefore stood no chance of succeeding in their completely spurous claim. It would be more honest if they actually came clean with their crowdfunders that far from ‘winning’ this case they had no choice but to drop it when they realised they hadn’t a leg to stand on.”

Foxglove Legal and openDemocracy have campaigned for transparency surrounding deals between the NHS and big tech firms, including Palantir’s contract with the NHS Covid-19 Data Store, since the contracts were first awarded as early as March 2020.

Mary Fitzgerald, editor-in-chief of openDemocracy, said: “After months of legal battles for transparency over these massive NHS data deals, we’re glad the UK government has finally admitted it had no business installing a controversial ‘spy tech’ firm like Palantir permanently in our NHS without asking people first.

“We’re delighted that the government has given up on this critical point, but there’s still work to do. Deep concerns remain about whether Palantir, with its chequered history and close ties to the security services, will undermine trust in the NHS – and damage public health as a result.”

Aside from NHS contracts, Palantir was drafted in to oversee the UK’s post-Brexit border and customs data. The firm’s partnership with the US Immigration and Customs Enforcement, the department charged with deporting undocumented migrants, has also sparked concern among privacy campaigners.

The firm’s £23m NHS contract commenced on 12 December 2020 and confirmed the continued use of Palantir’s Foundry data management platform in the NHS Covid-19 Data Store until December 2022. The Data Store was established in March 2020 to manage Covid-19 data to inform the government’s response to the virus.

Parts of the contract were redacted, including sections titled “limit of parties’ liability” and “data integration and analytics capability for self-service” which specifically covers how many “authorised users” are permitted to create and modify tools designed using the data.

A second section about “authorised user groups” was also redacted.

The contract will likely outlast the anticipated end of the pandemic and raises questions about the use of Covid-19 emergency measures put in place earlier in 2020, openDeomcracy and Foxglove said in a joint statement following the contract award.

The Data Store

Palantir was contracted in March 2020 to help develop the NHS Covid-19 Data Store for a fee of £1. The contract was due to expire in June but was extended for four months at a cost of £1million. NHS England later revealed it was seeking a supplier to continue work on the store at the end of the extended contract, with a supplier expected to be chosen by the end of 2020.

Digital Health News first reported in September that the contract could be worth up to £18m a year over five-years, totalling almost £100m by completion.

Palantir was among a suite of private tech firms hired in March to help deliver the NHS Covid-19 Data Store and other Covid-19 responses. Google, Amazon, Microsoft and AI firm Faculty all hold contracts to work on the platform.

The government had faced fierce backlash for failing to publish the original contracts, including Palantir’s, and only did so in June just hours before proceedings brought by openDemocracy and Foxglove were due to start. In February this year Matt Hancock was found to have broken the law by failing to publish details of coronavirus-related contracts within the required 30 day timeframe.

A recent Bureau of Investigative Journalism (BIJ) investigation revealed NHSX chief executive Matthew Gould had “a very positive meeting” with the US firm in October 2019, months before the firm secured its first contract to work on the NHS Covid-19 Data Store.

On 2 July 2019, the evening before NHSX was officially launched, Palantir’s UK boss Louis Mosley hosted a meal with chair of NHS England David Prior where they discussed potential future uses of NHS data, according to emails released to the Bureau under freedom of information requests.

privacy notice relating to the NHS Covid-19 Data Store states Palantir, and other tech companies involved, only have access to pseudonymised and anonymous data, but concerns have been raised about how private tech firms could be using NHS data.

A November National Audit Office report on government Covid-19 contracts found a general lack of transparency and adequate documentations around decisions to appoint some suppliers, mostly relating to PPE and testing services.