Many service composition scenarios involve the sharing of user's privacy data. Due to the transparency of composition's business logic and lack of privacy protocol between user and member service, how to prevent the leakage of user privacy information has become a hot research topic in the field of service-oriented computing. A static analysis method of secure privacy information flow for service composition is proposed in this article according to the characteristics of privacy protection. Firstly, a security model is developed to formalize the security policy of privacy information flow on three aspects:service reputation, retention and purpose. Then, the composition is modeled with privacy workflow net, which gives support to the analysis of privacy information flow, and the detection of privacy information leakage is performed by analyzing execution paths of composition. Finally, a case study is included to demonstrate the effectiveness of the proposed method, and the performance experiment is also presented. Compared with the existing relevant works, the security model proposed reflects the characteristics of privacy protection, and the analysis method is able to deal with issues caused by the aggregation of privacy data items. Therefore, the application of this method can prevent the information leakage more efficiently.