ABSTRACT
The COVID19 Pandemic has highlighted our dependence on online services (from government, e-commerce/retail, and entertainment), often hosted over external cloud computing infrastructure. The users of these services interact with a web interface rather than the larger distributed service provisioning chain that can involve an interlinked group of providers. The data and identity of users are often provided to service provider who may share it (or have automatic sharing agreement) with backend services (such as advertising and analytics). We propose the development of compliance-aware cloud application engineering, which is able to improve transparency of personal data use-particularly with reference to the European GDPR regulation. Key compliance operations and the perceived implementation challenges for the realization of these operations in current cloud infrastructure are outlined. © 1997-2012 IEEE.