There's a proposal to add privacy to the protocol (private posts, private groups), but I don't think anyone has solved the real root problem with trying to implement privacy in a federated system (as opposed to P2P), which is the bad administrator problem. The proposal I saw still relied on trustworthy app administrators to respect a post's privacy settings. And that's a huge flaw.
Friendica and Diaspora both have the same problem, and to my knowledge don't have a good solution for it. They both just sort of hand wave it away.
I'm waiting to see if someone comes up with a good solution for the unsafe admin problem, but so far I haven't seen one.