Reeta Sony A.L - National Law University, New Delhi, India. E-mail:reeta.sony@nludelhi.ac.in.

Sri Krishna Deva Rao - Professor, National Law University, New Delhi, India. E-mail: psrikrishnadevarao@gmail.com.

Bhukya Devi Prasad - Council of Scientific and Industrial Research, New Delhi, India. E-mail: bdeviprasad@csir.res.in.

Cloud computing refers to anything that involves delivering hosted services over the Internet. It is fast, cheap, flexible and elastic in nature. In spite of its benefits, cloud computing raises risks for data protection and privacy. One key issue presented by cloud computing is the fact that it changes our thinking of what we consider to be "our data" Data is no longer physically stored on a specific set of computers or servers, but is rather geographically distributed. The globalised nature of cloud computing poses a challenge for personal data protection, which requires a clear location for personal data, an identification of the processor and a responsible individual for data processing. Cloud data can be misused and/or shared with third parties without prior knowledge or consent of the data owner. The direct participation of an individual in transborder data transfer, third party participation in data storage, the processing and transmission of dataand, finally, negligence of data protection due diligence from cloud service providers, makes data protection and privacy laws more relevant. The recent PRISM surveillance programme scandal at the US National Security Agency (NSA) demonstrated the privacy risks that citizens around the world take on when their personal informa­tion is stored and processed in the cloud. This situation requires awell-established techno-legal solution along international standards. India, unlike the European Union, has no dedicated regulatory framework to deal with privacy and personal data protection. Although cloud computing is still in its initial stages in India, existing laws for people who are currently using facilities offeredby cloud service providers are extremely inadequate. However, cloud computing requires legal protection in India under the country's data protection laws, privacy laws and data breach laws, which must meet "international standards'! It is the right time for the Indian government to enact appropriate regulatory frameworks to protect personal data and privacy in the cloud era. The overall objective of this paper is to understand the impact of cloud computing on privacy and personal data protection and to analyse present legal frameworks governing privacy and personal data protection in India and Europe.