Microservices are vital for large-scale web systems, yet they struggle with privacy regulations like GDPR and CCPA. Current solutions, like gRPC, lack advanced privacy measures. To bridge this gap, we propose integrating advanced techniques into gRPC dynamically. Our solution implements data minimisation and purpose limitation within gRPC using an interceptor, ensuring compliance and privacy protection. This enables configurable policy enforcement based on processing purposes and data minimisation needs. Our prototype, implemented in a cloud-native microservice environment, demonstrates practicality with reasonable overheads. Future work includes performance assessments and optimisation for broader adoption.
