As cloud computing becomes an increasingly dominant means of providing computing resources, legal and regulatory issues associated with the cloud also become more pronounced. In particular, there is a heightened focus on ensuring the privacy and integrity of users' personal data. At present, the cloud is opaque, a black box. The technical means for enforcing and demonstrating compliance with data management practices lag behind legal and regulatory aspirations. Information flow control (IFC) enables auditable, fine-grained management as data moves throughout systems. IFC offers the potential to improve the visibility and control over data flows within and between cloud services and cloud-hosted applications. The authors use real-world legal/regulatory examples to show how IFC can help satisfy data management obligations and improve the accountability of responsible parties.