FCA’s Palantir deal could expose UK financial data to Trump’s US, critics fear | Palantir
Britain’s financial watchdog is being asked to prove that its relationship with US tech company Palantir will not give the Trump administration backdoor access to sensitive citizen and business data.
Martin Wrigley MP, a member of the House of Commons science and technology select committee, warned that a US law that could force tech companies to disclose information to American authorities could invoke Palantir’s deal to help the Financial Conduct Authority detect wrongdoing.
The $375 billion tech company, co-founded by Trump-supporting billionaire Peter Thiel, is expected to apply its AI systems to a wide range of the FCA’s information, including case intelligence files, reports from lenders about proven and suspected fraud, consumer complaints and social media posts. The arrangement is currently in a 12-week trial phase.
Wrigley, the Liberal Democrat MP for Newton Abbot, said: “My concern is that the FCA is conducting very significant searches on sensitive data using a foreign-controlled company that may be advised to pass the data to the US government.”
The deal, first reported by the Guardian in March, has already raised concerns from MPs and campaigners. Palantir also supplies software to ICE and the Israeli army, which are running Trump’s immigration campaign, and has contracts worth more than £500 million with NHS England and the Ministry of Defence. On May 21, London mayor Sadiq Khan blocked a £50 million, two-year deal between Palantir and the Metropolitan police to apply artificial intelligence to criminal intelligence data, citing a “serious breach” of procurement rules. He said Londoners only wanted to see public money spent on companies that “share our city’s values”.
Meanwhile, the FCA regulates the conduct of around 42,000 businesses and its responsibilities range from consumer protection to preventing financial crime and market abuse.
Concerns over the sovereignty of public data in the UK are growing as authorities turn to US tech companies to apply artificial intelligence to increase productivity and achieve their goals.
Questioned about the Palantir deal, the FCA told the Commons Treasury select committee in March that the US law in question (the US Cloud Act) did not apply and that the regulator would always remain the data controller.
“No intelligence will be shared,” said Jessica Rusu, the FCA’s head of data, information and intelligence. The FCA said Palantir “does not control” the data but is a “data processor”.
But Wrigley said, “In the days of Donald Trump, control means whatever Trump thinks it means.” He wrote to the financial watchdog asking for “a better understanding of the legal basis on which the FCA believes the US Cloud Act will not apply in these circumstances.”
A legal expert on data processing said the distinction between controller and processor is misleading, as data processors do not automatically fall outside the scope of US law. Instead, the surest way for a US company like Palantir to avoid having to provide information in response to a court order under the law is to ensure that the company does not have access to any insightful data.
Open Rights Group, a digital rights campaign based in the UK, said the law “gives US authorities the right to access data held by US-based businesses such as Palantir”.
Legal and policy chief Mariano delli Santi said the US was not bound by UK legal frameworks that define the right of “data controllers” to decide how and why personal data is processed.
“By handing over data to Palantir, FCA is throwing UK residents’ data into the Trump administration’s meat grinder,” he said, adding that the data could also be part of the USA Patriot Act, which explicitly covers financial data, and the Foreign Intelligence Surveillance Act, a US intelligence law that allows monitoring of digital communications of non-citizens outside the US without a search warrant.
But Palantir cited three “glaring” reasons why what Wrigley fears “may never happen.”
“The Cloud Act does not grant US law enforcement unrestricted access to data,” a spokesperson said. “A significant criminal investigation and judicial authorization is required before a request can even be made. In the event of such a request, the US government’s guidance is clear that it should go to the entities controlling the data, not processors such as Palantir. Since FCA data is encrypted with keys within the exclusive control of the FCA, it is technically not possible for Palantir to respond to such a request without the direct involvement of the FCA.”
An FCA spokesperson said: “This 12-week trial will test whether we can improve the way we collect information so we can better tackle financial crime and the distress it causes. Criminals are not slow to use technology to cause harm. We must stay ahead of them. The data used in the trial will be fully encrypted and under our control. No one can access unencrypted data without our permission.”
