From Care.data to Palantir: How not to handle public trust

A few weeks ago, we stepped into the debate around the highly controversial Palantir–NHS contract, highlighting how the lack of public engagement has fuelled deep mistrust (you can find our original comments on our LinkedIn). Since then, the situation has only escalated. With more than 50,000 patients reportedly lodging complaints, the BMA (British Medical Association) advising clinicians to avoid or limit use of the system, and a coalition of major human‑rights organisations threatening legal action, the news that the Government may be looking for a way out of the £330 million, seven‑year contract feels almost inevitable.

What’s striking, though, is not just the scale of the backlash — it’s that none of this is new. The NHS been here before with national data‑sharing platforms, and the outcome was entirely predictable and probably avoidable. Yet the underlying purpose of the FDP (federated data platform) aligns closely with what people consistently say they want.

The controversy

Palantir is a US company best known for its work with military, intelligence and law‑enforcement agencies. It works with UK defence, major private‑sector clients, and in the US, with ICE (Immigration and Customs Enforcement). That alone raises red flags for many people, especially at a time when fears about the NHS being “sold off” to the US are running high and concerns about ICE’s actions remain prominent.

But to understand the depth of the controversy, you have to look at what Palantir was actually contracted to deliver: a federated data platform. In plain language, a system that connects other NHS systems — software that pulls operational data together so staff can see waiting lists, theatre schedules, treatment details and more in one place. It does not include full GP records or the full Spine.

Palantir is not creating new data. They are reportedly not given access to information that would allow them to identify individuals (though given the nature of the data being integrated, many feel this is a distinction without a difference). They do not own the data, cannot sell it, and cannot use it to train AI. They can only process it for specific, agreed NHS purposes.

In that sense, it’s similar to many other NHS systems people use every day. But for many, there is a profound difference between a system that holds information for direct care and a system that extracts and connects deeply personal health data for reasons that feel unclear or poorly explained.

The dichotomy

For years, I’ve been involved in broad engagement work asking people what needs to change to make the NHS better. They rarely talk about staffing levels or management structures. They often don’t talk about treatment options unless discussing specific services. What they do talk about — repeatedly — is communication: how they’re spoken to, how they’re acknowledged, how information is shared.

And they talk about the frustration of NHS computer systems that don’t talk to each other. They’re tired of repeating their story, their symptoms, their history. They’re tired of tests being duplicated because results can’t be accessed across services. People want systems that connect.

So the public consistently calls for better, more integrated digital systems. Yet every time the government tries to deliver a national version of exactly that, uproar follows.

Care.data in 2013 is the classic example. As Co‑pilot summarises, it became “the NHS’s most infamous data‑sharing programme” — a title it may soon lose to the Palantir saga. Despite a costly national mailout and frantic engagement efforts after launch, it collapsed within three years due to public opposition and GP practices switching off extraction by default.

It would be easy to conclude that people simply don’t want data‑integration platforms. But local versions succeed, and engagement shows that people understand and support the need for joined‑up systems.

The real issue is how these platforms are contracted and launched — and the perception this creates about who owns the data.

“I own my health data.”

My health data is personal. It is about me. No other system holds as much information about me as the NHS. But it doesn’t belong to the NHS — it belongs to me. I imagine you feel the same.

Like many people, I’m happy for my data to be used to support my care. I’m comfortable with it being used to improve services. I’m fine with it being combined anonymously with others’ data to improve understanding of conditions and treatments.

But I want to know what it’s being used for and why — because it isn’t just information. It’s my life: my birth, my fillings, my broken arm from a chaotic work sports day, my cancer scare, and everything in between.

Yet when contracting national data systems, government bodies often behave as though the data belongs to them. And when you act like you own something, you forget to ask permission. You forget that people might want a say. You forget that they might have legitimate questions.

That’s exactly what happened with Palantir. There was no consultation. No public engagement plan. No deliberative events. No attempt to bring people with them.

And, unsurprisingly to anyone who watched care.data unfold, outrage followed.

The real concern thought is that each time we get it wrong, suspicion in these systems increases and trust declines making harder to get it right next time.

Open Voice Lab recommendation

At OVL, our message is simple:

If you’re changing how you handle people’s most personal data, remember that to them it isn’t just data — it’s part of who they are. Take them on the journey with you.

Engage early. Engage continuously. It doesn’t need to be expensive or complicated. It is certainly easier — and far cheaper — than dealing with the fallout of failing to engage.

Reach out if you want to discuss this further.