In principle there is nothing in the way of processing and storage of personal identifiable data in the cloud, but all relevant security rules and guidelines must of course be observed. This is easier to say than to implement. Nature of Personal Data may also be crucial. Both email addresses and disease information may be 'personal', but security requirements for them are different. It is important to note that the european privacy directives are older than any cloud service, and that when the DPA uses the law text on cloud computing services, it generates often a series of questions to both users and suppliers that can be more than difficult to answer.