The lack of clarity and harmonisation of the data export rules gives rise to significant uncertainties relating to the use of cloud computing. What should matter is not where information is stored, but who can read it and the focus on data location should not obscure the underlying purpose of the data export restriction, namely data protection. These are some of the legal areas explored by two further papers by the Queen Mary University of London, School of Law Cloud Legal Project. The papers ask the questions - "When are Cloud Users and Providers Subject to EU Data Protection Law?" and "How Can Personal Data Be Transferred Outside the EEA?" Further details of the research can be found on the Queen Mary University of London, School of Law Cloud Legal Project website at - http://www.cloudlegal.ccls.qmul.ac.uk/Research/index.html.