Modern cloud-native applications are based on complex orchestrated microservice architectures. In each case, a microservice is specifically responsible for a function of the application (e.g., user management, notification service etc.). The multitude of these microservices, their internal and external communication, and rapid development cycles are difficult to keep track of in many cases. At the same time, data protection regulation, such as the European General Data Protection Regulation (GDPR), demands comprehensive transparency about the processing of personal data.
The TOUCAN project is therefore developing components of a developer-friendly framework that creates transparency in cloud systems, both technically and legally. The concrete contributions include new technical components that show how transparency can be achieved with little effort and also in new forms of playout. Both the data subjects (i.e., users) affected and the responsible bodies are taken into account in equal measure.
In this context, the TOUCAN project focuses on agile development processes: The familiar DevOps model for development and operation of distributed systems is extended to include data protection (privacy) - with a focus on transparency - to form DevPrivOps. Accordingly, conceptual best practices are identified for corresponding phases in the software development lifecycle (code, plan, build, test, release, deploy, operate, monitor) and these are automated, supported or integrated as best as possible by technical components. Building on existing preliminary work from science and industry, a privacy-friendly architecture can thus be designed in the early stages of development.
The project is funded by the German Federal Ministry of Education and Research (BMBF) as part of the Software Campus program (duration: 01/2023 - 03/2024).