This August, my wife and I are expecting our first child. We are very excited and thankful that it is really happening. Doing the research that we’ve done has made me really think about the parent-child relationship.
The parent-child relationship changes forms throughout stages of life. As a fetus, the mother does everything. As a newborn, the parents have full control over how they wish to raise the child. As the child matures, reliance on the parents dwindles, while the child begins to own its own destiny. But one thing doesn’t change, though, and that is the responsibility of the parent.
In the data privacy industry, the parent is the Controller and the child is the Processor. The Controller enables the child to do many things and maximizes what it can do within the boundaries. But the Controller also needs to set those boundaries and expectations, while enforcing some degree of control.
Let’s quickly define the Controller and Processor and point out the differences between them.
- Controller – “means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data”
- Processor – “means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller”
For example, when you sign up for a cellular plan. The company collects all your data, and then another organization stores and catalogs the information. The same thing happens when you sign up for a credit card that gives discounts at specific stores. Your credit card company gets your information and then gives it to the specific stores. In this scenario, the credit card company is the Controller and the stores are the Processors.
Every member of the family needs their own privacy. It is up to the parent (Controller) to set the boundaries in the house, and for the child (Processor) to apply it. And that is our big, happy family of data privacy.