This document explains the history of the controller/processor distinction and demonstrates how widely that distinction has been adopted in global privacy laws. The first part of the document contains a timeline showing that the distinction between controllers and processors has existed for more than 40 years, dating back at least to the 1980 OECD privacy guidelines, which launched the modern wave of privacy laws. The second part of the document contains a chart identifying more than a dozen privacy and data protection laws that reflect the distinction between controllers and processors.

Related: The Global Standard: Distinguishing Between Controllers and Processors in Privacy Legislation
Consumer Rights to Access, Correct, and Delete Data: A Processor’s Role
The Global Standard: Distinguishing Between Controllers and Processors in State Privacy Legislation