This document explains the history of the controller/processor distinction and demonstrates how widely that distinction has been adopted in global privacy laws. The first part of the document contains a timeline showing that the distinction between controllers and processors has existed for more than 40 years, dating back at least to the 1980 OECD privacy guidelines, which launched the modern wave of privacy laws. The second part of the document contains a chart identifying more than a dozen privacy and data protection laws that reflect the distinction between controllers and processors.

Related: The Global Standard in Privacy Legislation: Distinguishing Between Controllers and Processors
Consumer Rights to Access, Correct, and Delete Data: A Processor’s Role
State Privacy Legislation: Distinguishing Between Controllers and Processors