Microservices is an architectural style that promotes structuring an application as a collection of loosely coupled fine-grained services. Due to its support for continuous integration and agile development, it has become increasingly popular in different application domains. Since each microservice typically accesses different data, while composing complex applications, it is hard to monitor which data are getting accessed in the entire application workflow. This raises a serious concern over privacy protection, especially in the domains that require handling sensitive data. To guarantee privacy preservation, we need to identify the constraints that should be monitored by data analysis tools in runtime. In this paper, we demonstrate how formal modelling can be used as a basis for deriving monitoring constraints in the applications developed in the microservices architectural style. We formalise modelling patterns for specifying applications composed of microservices, data privacy constraints and demonstrate how to identify privacy violations in runtime.