A data location control model for Cloud services is presented that uses an authorization system as its core control element. The model is intended for use by enterprises that collect personal data from end users that can potentially be stored and processed at multiple geographic locations. By adhering to the model's authorization decisions, the enterprise can address end users' concerns about the location of their data by incorporating the their preferences about the location of their personal data into authorization policy. The model also ensures that the end users have visibility into the location of their data and are informed when the location of their data changes. A prototype of the model has been implemented that provides the data owner with an interface that allows their location preferences to be expressed. These preferences are stored internally as XACML policy documents. Thereafter, movements or remote duplications of the data must be authorized by submitting requests to an ISO/IEC 10181-3:1996 compliant Policy Enforcement Point. End users can, at any time, view up-to-date information on the locations where their data is stored via a web interface. Furthermore, XACML obligations are used to ensure that end users are informed whenever the location of their data changes.