Abstract
Privacy by design is nowadays recognized as essential in bringing data privacy into software systems. However, developers still face many challenges in reconciling privacy and software requirements and implementing privacy protections in software systems. One emerging trend is the adoption of microservices architectures—they bring in some qualities that can benefit privacy by design. The main goal of this study is to adapt privacy by design to the qualities brought by microservices. The main focus is at the architectural level, where the main structural decisions are made. A systematic literature review is adopted to identify a set of privacy models that underscore significant differences in software systems’ protection using microservices. From the literature review, a decision framework is developed. The decision framework provides guidance and supports design decisions in implementing data privacy using microservices. The framework helps select and integrate different privacy models. An illustration of using the framework, which considers the design of an electronic voting system, is provided. This study contributes to closing the gap between regulation and implementation through design, where decisions related to data privacy are integrated with decisions on architecting systems using microservices.
Publisher
Springer Science and Business Media LLC