This August, my wife and I are expecting our first child. We are
very excited and thankful that it is really happening. Doing the research that
we’ve done has made me really think about the parent-child relationship.
The parent-child relationship changes forms throughout stages of
life. As a fetus, the mother does everything. As a newborn, the parents
have full control over how they wish to raise the child. As the child matures,
reliance on the parents dwindles, while the child begins to own its own
destiny. But one thing doesn’t change, though, and that is the responsibility
of the parent.
In the data privacy industry, the parent is the Controller and
the child is the Processor. The Controller enables the child to do many things
and maximizes what it can do within the boundaries. But the Controller also
needs to set those boundaries and expectations, while enforcing some degree of
Let’s quickly define the Controller and Processor and point out
the differences between them.
- Controller – “means the natural or legal person, public authority, agency or
other body which, alone or jointly with others, determines the purposes and
means of the processing of personal data”
- Processor – “means a natural or legal person, public authority, agency or other
body which processes personal data on behalf of the controller”
For example, when you sign up for a cellular plan. The company
collects all your data, and then another organization stores and catalogs the
information. The same thing happens when you sign up for a credit card that
gives discounts at specific stores. Your credit card company gets your
information and then gives it to the specific stores. In this scenario, the credit
card company is the Controller and the stores are the Processors.
Every member of the family needs their own privacy. It is up to
the parent (Controller) to set the boundaries in the house, and for the child
(Processor) to apply it.
And that is our big, happy family of data privacy.