UK law
ICO updates guidance on direct marketing using electronic mail
The ICO has issued its guidance on direct marketing using electronic mail. The Data (Use and Access) Act 2025 introduced a new soft opt-in for charitable purposes in PECR regulation 22(3A). This allows charities to send direct marketing by electronic mail without people’s consent if certain requirements are met. The ICO has updated this guidance to explain how this works as well as making some stylistic changes.
FCA issues open finance roadmap including its vision for a smart data future
The Financial Services Authority has issued an open finance roadmap. It says that banking and financial services occupy a central place in the Government’s Smart Data Strategy, and open finance will be a critical enabler for developing smart data schemes across sectors. Enabling open finance to develop is also one of the FCA’s priorities. In its strategy for 2025 to 2030, it committed to setting out a delivery plan to help unlock open finance. Open finance can offer significant benefits, such as giving consumers and small and medium-sized enterprises greater control over their own financial data, and unlocking faster and more personalised financial services; stronger competition and greater incentives for firms to innovate and invest; supporting wider economic growth across the economy. The FCA is building on the foundations of open banking and international experience, with the aim of making sure that open finance develops in a way that is secure, trusted and proportionate.
High Court dismisses challenge for MPS policy on live facial recognition
In Thompson & Anor, R (On the Application Of) v Commissioner of Police of the Metropolis [2026] EWHC 915, the High Court dismissed a judicial review challenge to the Metropolitan Police Service’s revised policy on the overt use of Live Facial Recognition (LFR), holding that the policy is lawful and compatible with Articles 8, 10 and 11 of the ECHR. The claimants (one of whom had been wrongly stopped following a mistaken LFR match, and the other a civil liberties campaigner) argued that the policy gave police officers excessively broad discretion over where and against whom LFR could be used, contrary to the “quality of law” requirement. The Divisional Court rejected this, finding that the policy tightly constrains LFR use through three defined “use cases”, detailed rules on watchlists and locations, senior-level authorisation and oversight, and mandatory proportionality assessments explicitly addressing risks to freedom of expression and assembly. The court emphasised that discretion is structured and safeguarded rather than arbitrary, and concluded that neither claimant’s Convention rights had been breached.
Technology Secretary gives speech on AI sovereignty
The Technology Secretary set out a commercially focused vision for UK “AI sovereignty”, emphasising economic growth, competitiveness and resilience alongside national security. The government signalled a pragmatic, non‑dogmatic approach to AI regulation, rejecting both a pause on AI development and heavy‑handed intervention in favour of enabling innovation while managing strategic risks. It plans to back British AI companies where the UK has genuine strengths, alongside announcing a forthcoming AI hardware plan aimed at securing supply chains for chips and compute. The overall message is that the UK wants to remain open to global investment and collaboration while ensuring it has sufficient leverage and capability to shape how AI systems are built, deployed and governed with the aim of positioning the UK as a reliable, pro‑innovation partner rather than a rule‑taker in the global AI market.
EU law
European Commission seeks feedback on measures to ensure interoperability with Google’s Android under the Digital Markets Act
The European Commission has sent its preliminary findings to Google as part of the specification proceedings it started on 27 January 2026 under the Digital Markets Act (DMA). These preliminary findings outline the draft measures Google should implement to ensure that third parties have effective access and interoperability with key capabilities of Android. The proposed measures aim to ensure that competing AI services can effectively interact with applications on users’ Android devices and execute tasks accordingly, such as sending an email using the user’s preferred email app, ordering food or sharing a photo with friends. Currently, Google largely reserves these capabilities for use by its own AI offerings on Android phones and tablets. For example, the measures would allow competing AI services to be easily activated by users, using a custom ‘wake word’, a phrase that the user can speak to activate an AI service. The proposed measures will also enable competing providers of AI services to innovate and offer deeply integrated AI experiences to users on Android phones and tablets, along with Alphabet’s own AI services, such as Gemini. Opening up access to these capabilities will provide Android users across the EU with a wider choice of AI services. A consultation on the proposed measures closes on 13 May 2026. Following the consultation, the Commission may adjust the proposed measures. The final decision must be adopted within six months from the opening of the specification proceedings and will contain the final binding measures.
Review highlights Digital Markets Act remains fit for purpose and has positive impact
The European Commission’s first review of the Digital Markets Act (DMA) found that in the first two years of its application, the DMA remains fit for purpose and has opened up new opportunities for businesses and developers, while giving users more control over their experiences and devices, as well as access to more diverse and innovative digital products and services. The DMA allows for the transfer their data when switching between services and devices, the choice to select alternative search engines and web browsers instead of default providers, as well as with a meaningful choice about whether to allow gatekeepers to combine their personal data across services, preventing unauthorised profiling. In addition, the DMA is opening up gatekeeper ecosystems and enabling businesses to compete. Manufacturers of connected devices, such as earphones and smartwatches, are getting access to enhanced interoperability with gatekeeper’s operating systems, alternative browsers and search engines are being increasingly chosen by users as defaults on their devices, and new messaging apps have launched due to interoperability obligations, In future, the DMA needs to continue being enforced. Looking ahead, cloud services and artificial intelligence will be key focus areas to help meet the DMA’s objective of making digital markets fairer and more contestable. Finally, the review found significant untapped potential to fully achieve the objectives of fairness, contestability and harmonisation, which will require continuous regulatory dialogue and further rigorous enforcement.
Review on social networks interoperability
The European Commission has published a study on technical feasibility and demand from consumers and businesses for social networks interoperability. It found that although some aspects can be challenging to
implement, horizontal and vertical interoperability is technically feasible. However, currently there is no clear demand for interoperability between designated social networks, so the Commission will continue to monitor and assess how these services evolve.
