Abstract : Pervasive applications promote a seamless integration of computer artifacts with our daily an business lives. However, they threaten privacy in two ways. Firstly, adaptation to a user's context necessitates a large collection of data. Secondly, context should be addressed when granting users access to information. This paper handles privacy management as an access control problem and argues that privacy should be specified from a global point of view. Investigating privacy specification at a high level of abstraction and its implementation leads to the proposition of a generative approach relying on model-driven engineering. This approach distinguishes a design level for privacy from its execution level. The design level provides a specification language for privacy which emphasizes its contextual features. It is implemented at the execution level as a service composition generated through model transformations. This composition gathers heterogenous entities, such as pieces of software code or devices. The approach is validated on the example of a medical workflow.