Met Palantir pilot: The DPIA that raises extra questions than solutions
An eight-to-12-week pilot that stretched to 6 months. Extremely delicate worker information – well being information, prison offence info, particulars of susceptible people – processed by synthetic intelligence (AI) throughout greater than 50,000-plus present and former workers. A choice to not seek the advice of the workforce whose information was being sucked into the platform. No aggressive analysis of different suppliers. And a second tranche of questions the Metropolitan Police now refuses to reply.
These are the fault strains that run via the Metropolitan Police Service’s Knowledge Safety Influence Evaluation (DPIA) for its Palantir Foundry pilot, obtained by Pc Weekly. They illustrate how a key UK police drive balanced pace of deployment in opposition to governance obligations that defend officer and workers information from misuse. The way in which they did it raised many questions, and produced a “no remark” set of responses from the Met alongside the best way.
The pilot’s quick context was the 2025 BBC Panorama documentary, Undercover within the police, which uncovered critical cultural failings within the drive. In response to the DPIA, accomplished on 3 November 2025, the challenge’s specific objective is “to answer the gravity of current occasions and Panorama documentary on MPS Tradition” via intelligence assortment throughout an unlimited sweep of officer and workers information.
The pilot, formally titled, the Tradition Requirements and Integrity Ecosystem (CSIE), types a part of the Met’s New Met for London (NMfL) reform plan. It adopts what the DPIA describes as a “public well being strategy to lowering complaints, corruption and misconduct”, analysing information throughout three tiers of prevention: major, secondary and tertiary. The said ambition is to create “an enterprise information observatory containing cultural, skilled requirements and organisational well being intelligence”, constructed on a schema of roughly 90 metrics drawn from 90 information sources.
In response to our first spherical of inquiries to the Met, a spokesperson-attributed assertion stated: “Our pilot with Palantir permits the Met for the primary time to convey collectively information it already lawfully holds in a single place to determine potential requirements, welfare or cultural considerations. It additionally permits us to determine early points so we will act extra pretty and persistently, guaranteeing officers obtain help or face applicable motion earlier than issues escalate.”
The pace at which the pilot delivered outcomes was dramatic. Inside per week of Palantir’s roll-out, in accordance with the BBC’s April information article, the Met’s Professionalism Directorate had recognized tons of of potential misconduct breaches and a number of other alleged prison offences, together with abuse of authority for sexual functions, fraud, sexual assault and misconduct in public workplace. Two officers had been arrested, with an extra two suspended and underneath investigation. Some 98 officers had been being assessed for misconduct, with one other 500 receiving prevention notices after being flagged for abusing the IT duty-rostering system.
The Met spokesperson added: “The Met is stepping up its use of knowledge and expertise to strengthen skilled requirements, root out misconduct and improve public confidence.”
However the DPIA – a 34-page doc obtained by Pc Weekly – reveals vital gaps between the operational pace of the deployment and the governance infrastructure designed to guard the rights of the people whose information it processes.
The high-risk processing the DPIA admits
The DPIA’s preliminary screening questions verify the challenge was set to course of particular class information, prison offence information, information regarding kids underneath 13 and different susceptible people, and information on a big scale. It consists of monitoring, monitoring, and surveillance in public areas, using AI, automated decision-making, and profiling of people. The evaluation explicitly acknowledges the processing as “high-risk”.
In part Q2.25, the DPIA states that “the processing of private information” can be thought-about “potential high-risk processing” in that it involved “particular class information, prison offence information and susceptible people … Particularly, delicate well being information can be processed by collating and analysing the info for developments associated to hostile illness go away patterns.”
The dimensions is substantial. The evaluation covers greater than 50,000 present staff plus some former staff. It notes that “the processing concerned in Foundry is closely targeted on the private information, and actions, of MPS staff”, warning that if information had been exfiltrated, it “may trigger hurt” and determine people.
Regardless of this danger profile, the DPIA acknowledges that a number of safety and governance controls remained incomplete on the time of documentation. Automated entry controls had been marked “partially applied”. Entry logging was “deliberate however not but in place”. Efficiency assessments had not been deliberate. The system’s functionality to handle information evaluation, retention and disposal had “not been performed”. No documentation existed for the move and transformation of knowledge all through its lifecycle.
Pc Weekly acquired the DPIA on 3 June. The masking e mail described it as “an evolving doc so continues to be up to date”. The most recent date entry within the DPIA is 31 March.
The Senior Accountable Officer’s feedback, dated 3 November 2025 – the date the DPIA was first written – acknowledge this rigidity straight: “Whereas full testing has not been accomplished within the standard method (i.e. deploying Palantir on a pre-production system first), I perceive this danger has been partially mitigated via testing in situ. This displays a stability between sustaining the pace of the pilot and guaranteeing applicable safeguards. I’m happy with the testing so far.”
The session hole
Maybe essentially the most putting single entry within the DPIA seems at query Q2.29, which asks whether or not the challenge workforce deliberate to seek the advice of with people whose private information can be processed. The response was: “Thought of and never required.”
This dedication was made regardless of the challenge processing delicate well being information, illness absence patterns, skilled requirements information from the Centurion system – a extensively used platform for recording public complaints, conduct allegations, grievances and civil claims – and data referring to disabled staff, cease and search interactions, and custody-related points.
The Met’s personal Knowledge Safety Officer (DPO) subsequently really useful exactly the alternative strategy. Within the DPIA’s Recommendation and Suggestions part, dated 31 March 2026, the reviewer states: “I like to recommend clear communication with the people whose information can be processed. I like to recommend {that a} doc explaining the aim and scope of this challenge is produced and disseminated to MPS staff (workers and officers). I like to recommend producing an FAQ doc with any considerations that could be raised by MPS staff (workers and officers).”
The DPO additionally highlights a objective limitation concern: “The unique objective of gathering information for every system talked about within the System Necessities spreadsheet is completely different to the envisaged objective of this pilot. As such, this constitutes a change in objective which would require telling MPS staff (workers and officers) of the change, in addition to the lawful foundation for processing.”
Pc Weekly put inquiries to the Metropolitan Police Federation relating to its session with the Met, the transparency of communications to workers, and considerations round information retention. No response was acquired.
What we do know is that Matt Cane, basic secretary of the Metropolitan Police Federation, had instructed the BBC in April that workers “had been by no means knowledgeable that the improve would come with the deployment of Palantir’s synthetic intelligence”.
Alternate options that weren’t evaluated
The DPIA states that alternate options to Palantir Foundry had been “thought-about however not viable”, but it names no different suppliers, supplies no analysis standards, and provides no comparative evaluation. The Met’s personal in-house platform, the Enterprise Knowledge Platform (EDP), is described within the DPIA as “an inhouse platform that ingests information”, with techniques integration and information ingestion “ongoing underneath section 2 of the Knowledge, AI and analytics functionality programme”.
The DPIA notes that Palantir provides “extra enhanced functionality than what EDP is presently in a position to do, and this pilot is validating that”. It additionally says Palantir was “quicker and was in a position to produce an MVP to the timeframe that we wanted. The AI functionality provided by Palantir Foundry will not be obtainable with the EDP.”
The EDP was not but able to delivering the AI-driven analytics that Foundry may present – however it was additionally conceived because the central architectural layer via which information would move. The DPIA itself flags a “danger of lock-in with a number of information sources routing outdoors of EDP”, suggesting the Foundry pilot diverges from the Met’s personal information infrastructure technique.
A correctly aggressive course of may doubtlessly have evaluated different AI analytics suppliers in or alongside the EDP framework, however no such course of is documented.
When Pc Weekly requested the Met to supply an inventory of different suppliers evaluated, the analysis standards used, and the enterprise case detailing why Palantir was chosen, the drive declined to interact additional.
The references to a lacking minimal viable product (MVP) are vital. As of mid-March 2026 – greater than 4 months right into a pilot initially scheduled to conclude in January – the core system had not reached a testable state. All through this era, information continued to move into the platform.
The questions the Met didn’t reply
Pc Weekly submitted a second tranche of inquiries to the Met, addressing the gaps recognized within the DPIA. These coated the absence of a aggressive tender, the justification for sharing “not important” information underneath the Financial institution Mellat proportionality take a look at, the standing of incomplete safety controls, the analysis of jurisdictional danger given Palantir’s standing as a US-headquartered firm, and the ultimate disposition of MPS information held by Palantir after the pilot.
The Met’s response was a single sentence, declining to interact: “Following additional conversations, we aren’t going to supply this stage of element and don’t have anything additional so as to add to our earlier assertion.”
A number of of those unanswered questions carry vital authorized and operational weight.
The DPIA’s personal DPO part recommends that additional questions be addressed, particularly: “What’s going to Palantir do with the info after the trial ends (i.e., will Palantir retain a replica of the info or will any MPS information held by Palantir in relation to this trial be securely deleted)? If Palantir is planning to retain MPS information on the finish of the trial, what’s Palantir’s supposed use of the info? If Palantir is planning to make use of MPS information to coach its fashions, we assume that Palantir positions itself as an unbiased controller for this additional processing.”
The DPO additionally notes: “It isn’t presently clear what is going to occur to the info on the finish of the trial. If Palantir is planning to retain/use the info for its personal functions, it will be important that we perceive this in order that we’re ready (a) to evaluate and articulate Palantir’s lawful foundation for any additional processing and (b) to be clear with officers/workers about the truth that this can occur.”
On information minimisation, the DPO states: “As per the spreadsheet supplied to do with System Necessities, there’s a appreciable quantity of knowledge to be shared with Palantir. This raises battle with this precept, significantly round adequacy (the info collected needs to be enough to fulfil the supposed objective), relevance (solely information that’s straight associated to the aim needs to be processed) and necessity.”
The DPIA itself acknowledges at This autumn.12 that information sharing with Palantir goes past the strictly essential: “As a result of nature of the Palantir Foundry resolution, and the broad nature of the use instances for the CSIE Palantir pilot, we’re sharing extra information with the provider to be able to help the extra holistic views/insights, and so on for extra proactive investigations.”
And on the basic query of objective limitation, part Q5.06 is unambiguous. Requested whether or not private information is getting used strictly for the needs for which it was initially collected, the response is solely: “No, the info is used for added functions not initially specified.”
A precedent for UK policing
The Met’s Palantir pilot doesn’t exist in isolation. It sits inside a broader panorama of UK police forces working underneath the Police Digital Service and Nationwide Enabling Programmes mannequin, predominantly on Microsoft-centric cloud infrastructure. The choices made on this pilot – about procurement, transparency, information minimisation and jurisdictional publicity – are more likely to reverberate throughout different forces contemplating comparable deployments.
To what extent the DPIA’s inner suggestions have been resolved is unknown. The DPO requires clear coverage on information dealing with, coaching and consciousness for employees utilizing Foundry, auditing to allow full traceability and accountability, and readability on what occurs to information as soon as the pilot ends.
The Financial institution Mellat proportionality evaluation notes that “if the target is stopping misconduct, then analysing sure related information could also be rationally linked”, however warns that “transferring all information we maintain will not be rationally linked until we will present why every class of knowledge is important”.
The Met’s refusal to interact with questions on various suppliers, jurisdictional danger and information disposal leaves vital governance questions unanswered.
For a pilot that processes the private information of greater than 50,000 people – together with well being info, prison offence information and details about susceptible individuals – the hole between the pace of deployment and the maturity of safeguards is the story the DPIA tells, even when the Met won’t.
