With a rapid growth of the Internet, exploring
cost-effective and time-efficient methods for creating Internet
services has become critical. As an emerging technology, service
aggregation has been regarded as a promising candidate.
However, it also raises serious issues on privacy management,
as a service is usually provided by multiple providers that
are usually transparent to its users. We observe that these
issues have not been formally studied in the literature. In this
paper, we propose a formal model for the privacy management
in service aggregation and present a negotiation strategy on
different privacy policies between two organizations.