On Twilio’s Privacy Team, we often get questions about our position as both a processor and a controller of our customers’ personal data. Most of the time, the questions stem from Twilio’s role as a controller of Usage Data.
We’d like to take a few minutes to explain why, under European data protection legislation, Twilio is a controller of Usage Data.
Data protection law (and privacy law) in certain jurisdictions, like the Europe Union’s General Data Protection Regulation (“GDPR”), differentiates between “processors” and “controllers” of personal data. It is important for an organization to understand which role it fulfills when it processes personal data, in order to understand its responsibilities under applicable law.
What are "processors" and "controllers"?
A processor is an entity that only processes, or uses, stores, transmits, etc, personal data in accordance with the instructions of a controller. The majority of the time, third-party service providers processing …