This document focuses on what processors can (and cannot) do in helping controllers respond to consumer rights requests.

This document explains the history of the controller/processor distinction and demonstrates how widely that distinction has been adopted in global privacy laws.

The United States needs a strong, comprehensive federal privacy law that ensures consumers’ personal data is used in ways they expect.

All five state consumer privacy laws create new rights for consumers, impose obligations on businesses that handle consumers’ personal data, and create new mechanisms to enforce those laws.