In Service Oriented Architecture (SOA) data belonging to a client (data provider) is often processed by a provider (data consumer). During this processing the data can be compromised. A client wants to be sure that its data is used in the least risky way while is under provider's control. The risk level should be low when access to the data is granted and should remain low during the whole interaction and, maybe, some time after. Therefore, a client has to consider closely various providers and decide which one provides the service with the smallest risk. More importantly, the risk has to be constantly recomputed after granting the access to the data, i.e., usage of data must be controlled.In this work we propose a method to empower usage control with a risk-based decision making process for more efficient and flexible control of access to data. Employing this idea we show how to select a service provider using risk, re-evaluate the risk level when some changes have happened and how to improve an infrastructure in order to reduce the risk level.