Which term describes an entity that collects or creates PII?

Multiple Choice

Which term describes an entity that collects or creates PII?

Explanation:
The key idea is who determines how personal data is collected and for what purposes. The entity that owns or controls the data is the one responsible for setting the policies around collection, consent, purpose, and scope, and for actually gathering or generating the PII. This role is about accountability for data processing decisions and for ensuring privacy requirements are met. Data Owner/Controller fits this role because they decide what data is collected, why it’s collected, and how it will be processed, and they may be the source of the data itself by collecting or creating it.

Data custodians, on the other hand, manage and protect data on behalf of the owner/controller—handling storage, access controls, backups, and maintenance per the established policies. Compliance refers to conforming with relevant laws and regulations, not to an entity that collects data. A control is a safeguard or countermeasure, not an actor.
