Pith. sign in

REVIEW

Not yet reviewed by Pith; the record is open.

This paper has not been read by Pith yet. Machine review is queued; the pith claim, tier, and objections will appear here once it completes.

SPECIMEN: schema-true, not a live event

T0 review · schema-true

One-sentence machine reading of the paper's core claim.

pith:XXXXXXXX · record.json · timestamp

arxiv 2306.02496 v1 pith:P6WWUTIK submitted 2023-06-04 cs.DC cs.CRcs.CYcs.SE

Hawk: DevOps-driven Transparency and Accountability in Cloud Native Systems

classification cs.DC cs.CRcs.CYcs.SE
keywords datatransparencyinformationcontrollersdetailspracticesprocessingregulatory
verification ladder T0 review T1 audit T2 compute T3 formal T4 reserved
0 comments
read the original abstract

Transparency is one of the most important principles of modern privacy regulations, such as the GDPR or CCPA. To be compliant with such regulatory frameworks, data controllers must provide data subjects with precise information about the collection, processing, storage, and transfer of personal data. To do so, respective facts and details must be compiled and always kept up to date. In traditional, rather static system environments, this inventory (including details such as the purposes of processing or the storage duration for each system component) could be done manually. In current circumstances of agile, DevOps-driven, and cloud-native information systems engineering, however, such manual practices do not suit anymore, making it increasingly hard for data controllers to achieve regulatory compliance. To allow for proper collection and maintenance of always up-to-date transparency information smoothly integrating into DevOps practices, we herein propose a set of novel approaches explicitly tailored to specific phases of the DevOps lifecycle most relevant in matters of privacy-related transparency and accountability at runtime: Release, Operation, and Monitoring. For each of these phases, we examine the specific challenges arising in determining the details of personal data processing, develop a distinct approach and provide respective proof of concept implementations that can easily be applied in cloud native systems. We also demonstrate how these components can be integrated with each other to establish transparency information comprising design- and runtime-elements. Furthermore, our experimental evaluation indicates reasonable overheads. On this basis, data controllers can fulfill their regulatory transparency obligations in line with actual engineering practices.

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.