Cloud computing enables highly scalable services to be easily consumed over the Internet on an as-needed basis. While cloud computing is expanding rapidly and is used by many individuals and organizations internationally, data protection issues in the cloud have not been carefully addressed at the current stage. In the cloud, users' data is usually processed remotely on unknown machines that users do not own or operate. Hence, users' fear of confidential data leakage (particularly of financial and health data) and loss of privacy in the cloud becomes a significant barrier to the wide adoption of cloud services. To allay users' concerns about their data privacy, in this paper we propose a novel data protection framework that addresses challenges during the life cycle of a cloud service. The framework consists of three key components: policy ranking, policy integration and policy enforcement. For each component, we present various models and analyze their properties. Our goal is to provide a new vision for addressing data protection issues in the cloud rather than detailed techniques for each component. To this end, the paper includes a discussion of a set of general guidelines for evaluating systems designed on the basis of such a framework.