Fears over ‘Big Brother’ changes that are subtly removing freedoms

Martin Shipton

Subtle changes to data law that have received little publicity have put Britain further along the road to a “Big Brother” state, according to an information campaigner.

Jayne Garland, a retired Welsh Government manager, says she wants people to debate the issues before it is too late.

In a letter to her MP Chris Evans, who represents Caerphilly, she stated: “I am writing on a matter I believe is of the gravest importance to civil liberties, democratic accountability, and the rights of every person in this constituency.

“I am not writing about a hypothetical future threat. I am writing about a sequence of events that has already occurred — largely without public debate, largely without parliamentary scrutiny, and at considerable speed. “The cumulative effect is that protections which have stood between the British public and automated behavioural surveillance are being dismantled, piece by piece, while a single US surveillance company – Palantir – embeds itself ever more deeply inside the infrastructure of the British state.

“For over a decade, Article 22 of the UK GDPR has enshrined a fundamental right: that no person shall be subject to a decision based solely on automated processing — including behavioural profiling — that has legal or otherwise significant effects on them, without their knowledge or consent. This is not a technicality. It is the legal barrier between citizens and systems that make consequential decisions about their lives — their access to credit, housing, employment, healthcare, policing, immigration status — without any human being accountable for those decisions.

“The Data (Use and Access) Act 2025, which received Royal Assent on 19 June 2025, removes that prohibition. The government argued this was necessary to enable wider adoption of AI. The Open Rights Group warned, with considerable force, that it will instead ‘favour the unsafe deployment of AI at the expense of the welfare and well-being of the British public, exposing them to heightened risks of discriminatory and unfair decisions taken against them’.

“The Information Commissioner’s own office cautioned that removing the general prohibition on automated decision-making could weaken individual protections.

“The same Act replaced the independent Information Commissioner — a singular, independent officeholder — with a new Information Commission whose members are largely appointed by the Secretary of State. The Liberal Democrats warned during passage that this increases the risk of political interference and has structurally weakened the independence of data protection regulation in this country. The EU, whose adequacy decision governs the lawful flow of data between the UK and Europe, identified these same changes as a significant concern during its review.

“In March 2026, the Financial Conduct Authority (FCA) awarded Palantir Technologies a contract worth more than £30,000 per week to analyse its internal data lake — a repository containing case files, reports of suspected financial wrongdoing, consumer complaints, emails, call recordings, and social media data relating to investigations into the 42,000 firms it regulates. The FCA described this as a three-month trial to improve fraud detection.

“This contract arrived within weeks of the government signalling, in a published report on its use of data analytics, its intention to make greater use of AI across public services.

“Taken together, these three events — the removal of the behavioural profiling prohibition, the government’s data analytics report, and the FCA/Palantir contract — constitute a pattern, not a coincidence.

“Palantir’s strategy is publicly documented by its own executives as ‘land and expand’: enter a public institution through a narrowly-scoped, time-limited contract; demonstrate value; become embedded; and become very difficult to remove.”

Patient data

Palantir has also been granted contracts that involve handling patient data in NHS England, sensitive data held by the Ministry of Defence, as well as by 11 police forces.

Ms Garland wrote: The same questions now apply to the FCA that were never adequately answered elsewhere: what does Palantir learn about the FCA’s investigative methods? What insights become embedded in its systems? What is the cost of exit once the infrastructure is in place?

“What concerns me as a citizen, and what I believe should concern you as my elected representative, is not any single contract or any single legislative change. It is the manner in which they are arriving: sequentially, quietly, and with each step presented as routine modernisation or emergency necessity.

“Individually, each [change] can be presented as reasonable. Cumulatively, they remove the legal protections, weaken the independent regulator, expand the infrastructure, and normalise the presence of a single US surveillance company at the centre of British public life — a company whose founder has publicly stated he no longer believes freedom and democracy are compatible.”

Questions

Ms Garland asked Mr Evans six questions:

* Do you personally support the removal of the prohibition on automated behavioural profiling without consent, as enacted by the Data (Use and Access) Act 2025? If so, what safeguards do you believe are adequate substitutes for the right that has been removed?

* Were you satisfied with the level of parliamentary scrutiny given to the removal of Article 22 protections during the passage of the Data (Use and Access) Bill? Do you believe the public was adequately informed of the significance of this change?

* Do you believe it is appropriate for Palantir Technologies — a company with documented links to US immigration enforcement, military targeting systems, and whose founder has publicly rejected democratic values — to hold contracts with NHS England, the Ministry of Defence, 11 police forces, and now the Financial Conduct Authority? What is your view of the cumulative risk?

* The FCA/Palantir contract was awarded at a time when the prohibition on automated profiling had just been removed and a government data analytics report had just been published. Do you regard this sequence as coincidental, or as indicative of a coordinated strategy? If the latter, was Parliament consulted on that strategy as a whole?

* What is your position on the replacement of the independent Information Commissioner with a body whose members are largely appointed by the Secretary of State? Do you believe this change adequately protects the independence of data protection regulation from political pressure?

* Will you commit to raising these matters — specifically the cumulative pattern of legislative change, the FCA–Palantir contract, and the adequacy of safeguards now that the behavioural profiling prohibition has been removed — in Parliament, and to sharing the government’s response with me?

‘Strong safeguards’

Mr Evans responded: “The Data (Use and Access) Act 2025 will ensure that anyone who wants to use digital ID services can do so with confidence. Its provisions will free up vital time for front-line workers and relieve people from unnecessary and time-consuming admin. It includes strong safeguards to ensure people’s data is properly protected. The Act will make it an offence to request the creation of deepfake intimate images without consent. It will also empower a court to deprive offenders of images and devices containing them.

“Regarding Palantir Technologies, Health is devolved to Wales. Palantir does not have a role in handling patient data in NHS Wales. The Welsh Government is committed to being transparent about privacy and the use of health and care data.

“While Palantir applies to England only, I can assure you I will follow developments closely and bear in mind the points you raised.

“Regarding automated individual decision-making and profiling, there are safeguards in place. For example, individuals must be provided with information about any significant decisions taken in relation to them based solely on automated decision-making, they may contest a decision to use automated decision-making in respect of them, and they have the right to require the controller to have a human involved in the decision.

“The functions of the Information Commissioner’s Office are transferred to the new Information Commission which has a board. Members must be selected on merit on the basis fair and open competition and must be able to demonstrate that they do not have any conflict of interest. I understand that there are concerns about the Secretary of State’s role in appointing members. However, data protection and the public will always be the priority and responsibility of the Secretary of State and the Commission.

“The Data (Use and Access) Act underwent scrutiny in the Commons and the Lords and followed ordinary parliamentary procedure.”

Ms Garland said she was not reassured by Mr Evans’ response and urged people to “wake up” before rights they take for granted are lost.