UK data security scrutiny deepens as Palantir’s firearms registry contract nears a 10-year horizon. MPs question data sovereignty, US influence, and safeguards for sensitive information across NHS, MOD and police use. This page answers the questions readers are asking about how data is protected, where it travels, and what this means for future government tech deals.
MPs are raising concerns about data sovereignty, potential US access under laws like the Cloud Act, and the sufficiency of safeguards when a US-based company handles a sensitive UK firearms registry. They’re asking how data is stored, who can access it, and what oversight exists over long-term contracts that tie public services to a single vendor.
Data sovereignty refers to where data is stored and who can access it. In practice, UK public services using Palantir could be subject to US laws if data transits through or is stored on US systems. MPs want clarity on data localization, access controls, and whether UK law remains sovereign in enforcement and protection, regardless of vendor location.
Safeguards include access controls, encryption, auditing, vendor governance, and contractual data-handling terms. MPs are seeking to know if data is encrypted at rest and in transit, who can view datasets, how data minimization is enforced, and what independent oversight exists to verify compliance with UK privacy standards.
If concerns about data access and sovereignty persist, future deals may require stronger UK-backed infrastructure, diversified suppliers, and clearer residency requirements. The goal is to reduce risk from single-vendor reliance while maintaining efficiency, security, and public trust in vital services.
Yes. Reports mention scrutiny across NHS, MOD and police contracts, with parliamentarians warning about dependence on a US-based provider. This reflects a broader debate about balancing innovation and security when public services rely on global tech platforms.
The Cloud Act potentially allows US authorities to access data stored by US-based companies, even when data is processed overseas. MPs want to understand how Palantir’s architecture and contracts guard UK data from unnecessary US access and what red lines or mitigations are in place.
In today’s newsletter: Its software is used from health services to militaries. But controversies and criticism of the $375bn company are leading some to ask if Palantir is too powerful