William Long

WILLIAM LONG is global co-chair of Sidley’s highly ranked Privacy and Cybersecurity practice and heads the EU Data Protection group. He is also a member of the firm’s top-ranked Crisis Management and Strategic Response team, and he serves on the Steering Committee of the firm’s AI Working Group. William advises international clients on a wide variety of AI, GDPR, cyber incident, data protection, privacy, information security, social media, e-commerce, and other regulatory matters.

William has been a member of the European Advisory Board of the International Association of Privacy Professionals (IAPP) and on the DataGuidance panel of data protection lawyers. He is also on the editorial board of e-Health Law & Policy and assists with dplegal (“data privacy” legal), a networking group of in-house lawyers in life sciences companies examining international data protection issues.

William was previously in-house counsel to one of the world’s largest international financial services groups. He has been a member of a number of working groups in London and Europe looking at the EU regulation of e-commerce and data protection and spent a year at the UK’s Financial Law Panel (established by the Bank of England) as assistant to the chief executive working on regulatory issues with online financial services.

Panels

  • Contributing Author
  • Other Publications

Qualified Year

  • 2008

Membership

  • Association of Privacy Professionals European Board
  • International Association of Privacy Professionals (IAPP) European Advisory Board
  • American Chamber of Commerce
  • Social Media Governance Forum
  • Centre for European Policy Studies Working Group on eCommerce Regulation

Qualification

  • LLB (1989)

Education

  • Queen Mary College, London (1989)

2 Contributions by William Long

Clinical research data protection under UK and EU GDPR: DUAA 2025 updates, lawful bases, transparency, secondary use, data sharing, international transfers, safeguards, rights exemptions, and practical checklist
PRACTICE NOTES
Data—and by extension, adherence to data protection rules—sits at the heart of clinical research, whether for clinical trials, pharmacovigilance activities or wider scientific inquiry. This Practice Note examines the data protection ramifications of running clinical research. In particular, it addresses who is accountable for compliance, the lawful bases relied upon, and how transparency should be delivered in this context...

  • Allocation of responsibility for data protection compliance in clinical research
  • Appropriate legal grounds for processing personal data for research purposes
  • Transparency duties owed to participants and other data subjects
  • Collaborative research arrangements and data sharing practices
  • Derogations from data subject rights when processing for research
  • A practical checklist of data protection points to consider when planning research activities

The GDPR regimes

On 25 May 2018, the General Data Protection Regulation, Regulation (EU) 2016/679 (EU GDPR) became directly applicable and enforceable across all EU Member States and the EEA (the EU plus Iceland, Norway, and Liechtenstein), including the UK at that time, replacing Directive 95/46/EC (the Data Protection Directive). On 31 January 2020, the UK left the EU and EEA and, as a result, the EU GDPR ceased to apply under UK law from the end of the Brexit implementation period...
Life Sciences
mHealth apps: UK and EU GDPR and ePrivacy compliance on special category health data, consent, transparency, controller and processor roles, privacy by design/default, secondary use, sharing, security and enforcement
PRACTICE NOTES
Developers, manufacturers and distributors in digital health—spanning mHealth apps and any associated Software as Medical Device (SaMD), artificial intelligence (AI) system or Artificial intelligence as a Medical Device (AIaMD)—must meet stringent data protection regulations in tandem with regulatory compliance across the entire lifecycle, from development through to commercialisation.

This Practice Note concentrates on data protection and privacy issues for mHealth (mobile health) and also considers the tighter safeguards governing the collection of an individual user’s health data. It does not cover broader life sciences regulatory matters, such as those relating to medical devices.

What is mHealth?

For related guidance, see:

  • Practice Note: Digital health—regulation of mHealth apps and medical software.
  • Practice Note: Mobile app development and data protection.
  • Practice Note: Digital health—data protection and privacy case studies, including wearables and AI diagnostic tools...
Life Sciences