The Internet of Things (IoT), the cloud, big data...are all hyped terms and buzzwords of the moment. After decades in which individuals and companies used to host their data and applications using their own IT infrastructure, the world has seen the stunning transformation of the Internet. Major shifts occurred when these infrastructures begun to be outsourced to public cloud providers to match commercial expectations. From a legal point of view, the main problem is what often happens in the domain of IT Law with the typical shortcomings of black-letter rules. The technology has improved so drastically that existing statutory public law, regulatory, and policy approaches face severe difficulties and limitations to keep pace with new technological changes. This problem has been exacerbated with the IoT and big data movement due to the volatile and permeable nature of cloud computing, and the progress of interconnectivity among societies where data and databases move across borders in a multi-jurisdictional world. This means that we need a whole new framework for understanding, protecting and sharing data. The scheme I propose in this presentation is based on a risk assessment that works side by side with Service Level Agreements (SLAs). I advocate for the extension of the negotiation capabilities of cloud customers, through an automated and machine-readable framework, orchestrated by a Cloud Service Brokerage (CSB). SLAs are facilitators for increasing the commercial uptake of cloud services. They provide clear-cut rules concerning the expectations and obligations between service consumers and cloud providers. This proposed framework can uncover high-risk areas to reduce such risks, and eliminate those cloud providers that will not promote their needs. This will provide better control for cloud users and will go a long way in increasing confidence and reinforcing trust in cloud computing transactions.