According to the definition of National Institute of Standards and Technology (NIST) dell’U.S. Departement of Commerce, cloud computing consists of a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and service) that can be rapidely provisioned and released with minimal management effort or service provider interaction; a new form of storage and data processing on a virtual platform. The first chapter define the phenomenon, describing the models and typologies, highlighting the benefits and the risks, as well as the legal problems associated with it. In particular, as the data and their processing are the object of the services offered by the cloud system, it is of particular importance that those aspects of the protection of the personal data of cloud service users are clarified as necessary, preliminary, a policy of prevention, aimed at informing about the risks. These issues are highlighted by the Guarantor for the Protection of Personal Data, which, more than once, has intervened in order to encourage a conscious and correct use of the cloud system. In the second chapter, the right to privacy is investigated in the current context of technological evolution. Some fundamental judgments of European jurisprudence are reviewed (judgments: Lindqvist, Costeja, Scherms) on the protection of privacy in the internet, highlighting the points of contact and distance to the Italian one, with reference also to a recent judgment of the Spanish High Tribunal. It is noted, however, that in the diversity of solutions offered, conflict between the various interests at stake can only be solved by reason of their careful balancing. Looking back on its evolution, it is clear that the right in question (which has expanded its content by including the right to the protection of personal data), in the light of what the European Court of Justice has stated, is not absolute prerogative, but must be considered in the light of its social function. The following is a review of European Regulation 2016/679 (which will be directly applicable in all EU countries from 25 May 2018), as it represents the instrument for formalizing the new digital course for the protection of Personal data, at Community and non-EU level. In particular, they analyze the novelties it introduces and the archives on which it relies on the entire privacy system. It is also intended to specify the spatial scope of application, in the light of the criteria set out in Article 3 thereof. In the third chapter, focusing on the most significant aspect of the technology under discussion (the clear separation between data ownership and processing and possession and control of data), the research analyzes the topic of ‘processing’ personal data the light of the opinions of the Italian and European Regulatory Authority (Art. 29 Group) and, in particular, of the recent European Regulation 2016/679 and of the Code of Conduct, 26 September 2016 of the CISPE. The topic that inevitably interfere with cloud technology, especially today, in a context where the scope for sharing and personal data collection has increased significantly, allowing both private companies and public authorities to use personal data, such as in the pursuit of their activities. This also in view of the fact that cloud services allow to ‘process’ and ‘store’ data on server systems deployed in different parts of the planet, where it is necessary to verify the existence of an ‘adequate level of protection’ in order to ensure to the party concerned a ‘substantially equivalent’ protection to that guaranteed within the Union. To this end, the essential premise for which it is necessary to inform about the risks is to clarify, in the light of the provisions of the Privacy Policy 2016 and of the Code of Conduct, 26 September 2016 of CISPE, issues such as: roles and obligations between controller and processor; the informational omissions of the service provider and the user’s unknowingness; keeping data in cloud computing and transferring them to a ‘third country’ after the judgments of the Court of Justice; the question of the portability of their data on other Csp (problem of the c.d. ‘vendor lock-in’); the data breach notification and the data protection in the relationship between constumer and provider. [edited by Author]