The privacy by design principle has been applied in system engineering. In this paper, we follow this principle, by integrating necessary safeguards into the program system design. These safeguards are then used in the processing of personal information. In particular, we use a formal language-based approach with static analysis to enforce privacy requirements. To make a general solution, we consider a high-level modeling language for distributed service-oriented systems, building on the paradigm of active objects. The language is then extended to support specification of policies on program constructs and policy enforcement. For this we develop (i) language constructs to formally specify privacy restrictions, thereby obtaining a policy definition language, (ii) a formal notion of policy compliance, and (iii) a type and effect system for enforcing and analyzing a program’s compliance with the stated polices.