FCA's Palantir deal raises fears of US backdoor access to UK financial data
FCA Palantir deal: UK data at risk under Trump?

The UK’s financial watchdog is facing mounting pressure to ensure its partnership with the US tech company Palantir will not grant the Trump administration unauthorized access to vast amounts of sensitive citizen and commercial data.

Martin Wrigley MP, a member of the House of Commons science and technology select committee, has warned that a US law requiring tech companies to disclose information to American authorities may apply to Palantir’s deal with the Financial Conduct Authority (FCA) to detect financial crime.

The $375 billion tech company, co-founded by Trump-supporting billionaire Peter Thiel, is set to apply its AI systems to a wide range of FCA data, including case intelligence files, lender reports on fraud, consumer complaints, and social media monitoring. The arrangement is currently in a 12-week trial phase.

Concerns Over Data Sovereignty

Wrigley, the Liberal Democrat MP for Newton Abbot, expressed concern that the FCA is entrusting sensitive investigations to a foreign-controlled company that could be compelled to share data with the US government. “My concern is the FCA is doing very significant investigations into sensitive data using a foreign-controlled company that could be advised to pass data across to the US government,” he said.

The deal, first reported by the Guardian in March, has already drawn criticism from MPs and campaign groups. Palantir also provides software to ICE, which is enforcing Trump’s immigration policies, and to the Israeli military, and has contracts worth over £500 million with NHS England and the Ministry of Defence. On 21 May, London Mayor Sadiq Khan blocked a £50 million two-year deal between Palantir and the Metropolitan Police, citing a “serious breach” of procurement rules. He stated that Londoners want public money spent with companies that “share the values of our city.”

The FCA regulates the conduct of approximately 42,000 businesses, with responsibilities ranging from consumer protection to preventing financial crime and market abuse.

Legal and Technical Safeguards

When questioned by the Commons Treasury select committee in March, the FCA stated that the US Cloud Act does not apply and that the regulator will remain the data controller at all times. Jessica Rusu, the FCA’s chief data, information and intelligence officer, said, “There will not be any intelligence shared.” The FCA maintains that Palantir is a “data processor” and does not “control” the data.

However, Wrigley countered that “in the days of Donald Trump, control means whatever Trump thinks it means.” He has written to the FCA demanding a clearer explanation of the legal basis for its belief that the Cloud Act would not apply.

A legal expert in data handling noted that the distinction between controller and processor is misleading, as data processors can still fall under the scope of the US law. The only sure way for a US company like Palantir to avoid disclosing information under a court order is to ensure it does not have access to intelligible data.

Open Rights Group, a UK digital rights campaign, stated that the law “gives US authorities the right to access data held by businesses based in the US, such as Palantir.” Mariano delli Santi, its legal and policy officer, warned that by handing over data to Palantir, the FCA is pushing UK residents’ data into “the meat grinder of the Trump administration.” He added that the data could also be subject to the USA Patriot Act, which explicitly covers financial data, and parts of the Foreign Intelligence Surveillance Act, which allows monitoring of non-citizens’ digital communications outside the US without a warrant.

Palantir’s Response

Palantir rejected these fears, citing three key reasons why such a scenario “could never happen.” A spokesperson explained: “The Cloud Act does not give US law enforcement agencies unfettered access to data. It requires a serious criminal investigation and a judicial warrant before a request can even be made. In the event of such a request, US government guidance is clear that it should go to the organisations that control the data, not processors like Palantir. Because FCA data is encrypted with keys within the exclusive control of the FCA, it is not technically possible for Palantir to respond to such a request without the FCA’s direct involvement.”

An FCA spokesperson reiterated that the 12-week trial aims to improve information collation to better tackle financial crime. “The data used in the trial will be fully encrypted and under our control. No one is able to access the unencrypted data without our authorisation,” they said.