A method for controlling access to data being processed by a remote computing resource includes issuing a public encryption key for a data creator from a public certificate authority, detecting an encounter with a data owner, creating private encryption keys for the data creator and the data owner in response to detecting the encounter, encrypting data being sent to the remote computing resource with the public encryption key, the data creator's private encryption key, and the data owner's private encryption key, decrypting the data based on public verification of the public encryption key and local verification of the data creator's private encryption key and the data owner's private encryption key at the remote computing resource, and controlling the data creator's access to the data by altering the permission of at least one of the public encryption key and data creator's private encryption key.