In Switzerland the general rules on data protection apply to cloud computing and there is no initiative under consideration to enact cloud-specific laws. Data remains with the data owner and is only stored or processed in the cloud on behalf of the data owner. However, data can be viewed by third parties, depending on the contractual and technical safeguards in place.
The Personal Data Protection Act requires a data controller to take all useful precautions regarding the nature of the data and the risks of processing in order to preserve the security of the data and, in particular, to prevent its alteration or damage, or access by non-authorised third parties. However, in certain circumstances government authorities and related bodies can access data stored in the cloud.
Austria has no specific data security rules for cloud computing. However, depending on the data categories involved, specific data-related security regulations may apply. To date, there has not been a homogenous market approach to tackling the risks connected to cloud services, although companies are starting to become aware of the related risks.
In Turkey, cloud computing services are not specifically regulated and 'cloud computing' is not defined. However, the cloud computing business model may be considered to be an electronic communications service under Turkish law, and therefore such service providers may be required to obtain authorisation from governmental bodies.