Personal data processed under a contract, e.g. when offering a cloud service for a customer, are not to be used for marketing or advertising purposes without a clear consent from the customer that controls the data.
This consent can’t be e.g. demanded as a prerequisite for being able to utilize the offered cloud service.
This requirement is in line with general personal data processing requirements, where all personal data processing must have a clear legal basis. Potential processing must be documented normally.