Privacy mechanisms exist for monolithic systems. How- ever, pervasive environments that gather user data to sup- port advanced services provide little control over the data an individual releases. This is a strong inhibitor for the de- velopment of pervasive systems, since most users do not ac- cept that their personal information is sent out to the wild, and potentially passed over to third party systems. We therefore propose a framework to support user con- trol over the data made available to service providers in the context of an OSGi based Extensible Service Systems. A formal privacy model is defined and service and policy descriptions are deduced. Technical system requirements to support these policies are identified. Since guaranteeing privacy inside the system is of little help if any malicious en- tity can break into it, a security architecture for OSGi based Extensible Service Systems is also defined.