Privacy　is　considered　to　be　a　critical　issue　for　providing　high　quality　ubiquitous　network　services　to　users　over　the　Internet.　User＇s　privacy　should　be　protected　and　access　to　privacy　information　must　be　controlled　in　accordance　with　user＇s　privacy　preferences.　Existing　privacy-aware　access　control　strategies　often　store　all　the　privacy　access　control　policies　on　the　server　side　and　thus　fail　to　consider　the　dynamic　nature　of　privacy　preferences.　In　this　paper,　we　propose　a　user-centric　privacy-enhanced　access　control　model　and　show　that　our　model　takes　the　dynamic　nature　of　user＇s　privacy　preferences　into　consideration　and　can　thus　fulfill　any　kind　of　privacy　requirements.　By　separating　access　polices　apart　from　privacy　policies,　which　are　now　stored　at　user　side　and　therefore　fully　under　user＇s　control,　we　demonstrate　that　our　model　can　provide　users　with　a　flexible　way　of　controlling　privacy　policies　that　are　consistent　with　their　preferences.　©　2010　IEEE.