18 May 2020

Palantir’s responses to Privacy International’s questions

Liviu Ioniţă

On May 11th, the Defence and Security Monitor published the article “The battle against Covid-19 and collateral loses. Today: digital privacy”. The article was about data mining, the processing of large volumes of data to extract important information, as a tool used by governments and organizations to limit Covid-19: useful, though suspected of being a business manoeuvre by the big providers of such services or an attempt by governmental organizations to extend mass surveillance. In that analysis, I presented the recent actions (based on information from public sources) of Palantir, one of the big companies offering solutions for eliminating the pandemic.

Image source: Hepta

In it, I discussed an open letter sent on April 29th to Palantir by the organizations Privacy International, Big Brother Watch, medConfidential, Foxglove and Open Rights Group, with 10 questions about its cooperation with the National Health Service (NHS) of Great Britain. Palantir responded to those questions.

Palantir UK “welcomes the opportunity to engage in dialogue with civil society about our efforts to support the NHS as a software provider”.

The company “enables organisations to manage their own data in a more efficient way and has designed our software from the ground up to preserve privacy”.

Palantir is “concerned” with the framing of some of the questions asked, which suggests “misunderstandings about the nature of our software and our role as a data processor for the NHS”.

In the interest of “transparency in this moment of crisis”, while still protecting the “confidential information about our customers or their internal processes”, Palantir offers the following explanations:

1. How does the information put into the Foundry system inform the learning systems of other Palantir products, such as Gotham?

Neither Foundry nor Gotham are learning systems as implied by the question. Both Foundry and Gotham are data integration platforms that enable organisations to manage and analyse their own data. Each customer is provided their own private Foundry or Gotham. All data, and all insights derived from these data using our software, remain in our customers’ ownership and under their control. These concepts are reinforced contractually, procedurally, and through technical means.

2. What are the types of data processed by Palantir in this work?

To answer this question, we would refer you to the information already made public by the NHS with regards to the types of data processed as part of its Covid-19 response.

3. Is Palantir obtaining access to any databases and/or records held by the NHS, such as online prescription systems, patient records, general practitioners' files, etc?

a. How will this comply with requirements around special-category data processing under EU/UK data protection laws?

b. What are the agreements in place to ensure that doctor-patient confidentiality is respected?

c. How is Palantir ensuring confidentiality of data that is ingested into its systems?

The types of data listed in this question belong to the data controller and can only be processed at the controller’s direction. For this reason, we would refer you to the data controller, the NHS, to answer this question.

Under the GDPR and other relevant law, Palantir UK is a data processor: an organisation that processes data on behalf of a data controller according to their instructions.

It is the data controller - in this case the NHS - that determines the manner in which data is processed, the purposes that this processing serves, and how this processing must adhere to legal frameworks.

As a processor, Palantir Technologies UK serves as a technical agent to its customers, providing software and services to enable and support them in analysing the data they control.

As such, any access to customer data under any circumstances would be strictly at the direction of customers, in support of legitimate purposes, and in adherence with all applicable rules and regulations.

4. As this contract with the NHS will most likely involve the processing of special-category data (health data/health-related info), did Palantir carry out a Data Protection Impact Assessment (DPIA) in accordance with its General Data Protection Regulation and UK Data Protection Act 2018 obligations?

a. If not, why not?

b. If yes, will this DPIA be publicly available and when? If not, why not?

As above, we would refer you to the data controller, the NHS, to answer this question. In accordance with 35(1) of the General Data Protection Regulation and 64(1) of the UK Data Protection Act 2018, it is for the data controller - not the data processor - to carry out a Data Protection Impact Assessment (DPIA).

5. How have you ensured that the NHS will be able to maintain the insights/data analysis obtained after this contract is completed? It has been previously reported that your clients struggle with this.

Under the terms of our contracts, customers retain full ownership and control over their data, analysis, and work products.

The Palantir Foundry platform stores data in standard, nonproprietary data formats and customers can readily export or migrate their data, as their own security policies and protocols permit. Palantir Foundry supports interoperability, using open APIs to enable integration with other systems.

6. Will Palantir retain the NHS data analysis or insights gleaned from this contract once this exercise is over?

No. As documented in the project’s announcement, the NHS retains full ownership of NHS data and any analysis derived from this data. To use an analogy: Foundry is to NHS data what spreadsheet software is to the contents of a spreadsheet. Just as the author of a spreadsheet can - whenever they desire - export its contents to another spreadsheet software, the NHS, as the data controller, can - without hindrance - export its data from Foundry into other data management software.

7. How will Palantir ensure that any personal data, including profiled or inferred data, stemming from this work with the NHS are effectively anonymised considering extensive research that suggests anonymisation techniques do not work?

As above, we would refer you to the data controller, the NHS, to answer this question.

8. Will Palantir be able to use the product trained under the agreement with NHS to improve other future products provided by Palantir?

a. If yes, what applications will the product(s) trained by NHS data have?

b. For what purposes will it/they be used?

As outlined in our answer to question 1, the Foundry platform is not a learning system as implied by the question.

9. In response to Covid-19, does Palantir have similar collaborations with/using the same products in other countries?

a. If yes, in which countries?

We are supporting a range of public and private sector organisations in their response to the Covid-19 crisis, including analysing the spread of COVID-19, measuring the effectiveness of mitigation strategies, and improving coordination between organisations such as hospitals and medical equipment manufacturers. More information is available on our website.

10. Do you have any other agreements with the NHS apart from the one that we inquired about above and has already been reported?

a. If yes, who are these agreements with?

b. What are these agreements for?

c. When will they be made public?

At this moment in time, we do not have any other agreements with the NHS.

Definitions of terms, according to the General Data Protection Regulation (GDPR):

- Data controller: a natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of processing of personal data;

- Data processor: a person or organization which processes personal data on behalf of the controller. The data processor does not decide how the personal data are used;

- Data Protection Impact Assessment (DPIA): a systematic description of the envisaged processing operations and the purposes of the processing, the risks of such processing operations, and the options to reduce and eliminate them.

English version provided by Andreea Soare