There is a tendency to use electronic networks for delivering services. These electronic services can provide several benefits to service consumers, mainly by enabling service providers to offer high quality services. However, they also create many risks to privacy protection as consumers' data may be electronically collected, stored and processed. These risks are related to the possibility of service providers using these data in a manner unacceptable by consumers. The goals of this paper are to identify requirements for a privacy framework for Service-Oriented Architecture and propose a framework, which offers mechanisms that enable service consumers to control how their private data are manipulated and service providers to obtain consumers' acceptance on how their data are going to be handled.