the VERY short (and imprecise) answer:

- In the USA: personal/private data given to any company/organization (e.g. putting personal data to facebook etc.) belong to the company/org. where the data are stored. The company can do (almost) whatever it wants to do with the data (use it for marketing, sell it…)

- In EU: personal/private data given to any company/organization can be used by the company only for a precisely specified aim/goal. That means, if e.g. a company writes in their data privacy statement (german: Datenschutzbestimmung) that the data are used for statistical purposes the company is not allowed to use the data for another purpose (e.g. marketing…). That does not mean that data are not allowed for marketing but it must be specified in the data privacy statement. The statement is not allowed to contain a generalization clause like: "the data are used for whatever purpose…)

For details see the several laws/regulations:

e.g.

http://europa.eu/rapid/press-release_MEMO-14-186_de.htm

http://ec.europa.eu/justice/data-protection/index_en.htm

http://eur-lex.europa.eu/procedure/EN/201286

here a comparison of EU and USA protection regulations:

www.iassistdata.org/downloads/iqvol223stratford.pdf

---

if you are interested in a technology to increase privacy and confidentiality of private  data in public  clouds  you may like to read my paper: https://www.researchgate.net/publication/264037748_Retaining_Control_Over_Private_Virtual_Machines_Hosted_by_a_Cloud_Provider

But - as I said - it is not about laws/regulations etc.  but more about technical means within the cloud!

Conference Paper Retaining Control Over Private Virtual Machines Hosted by a ...

Thank you Armin simma.

On the side of intellectual property law Eu Regulations on data protection  - as well as rules on software - are similar to copyright law (i.e. for the major duration) more than to patent law.

On the side of human rights protection a Directive on data protection has been issued, that is officially Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data).

To add to this, certainly within the UK, if you are using any cloud or online data storage the physical servers/datacentre must be located within the EU to comply with data protection laws.  That means that using services like dropbox, google drive etc. aren't possible for data storage or transfers.  A number of service providers are opening locations within the EU in response to this (a quick google search about EU data centres will bring up all kinds of news articles). There are also some schemes (specifically the safe harbor scheme) in place that some government data providers approve to allow data sharing/work to be done internationally and remain within EU data protection law.