Recently, Lee et al. proposed a delegation-based authentication protocol which provides secure and private roaming service for portable communication systems in global mobility networks. In this paper, we show that 1) Lee et al.'s protocol cannot protect users' privacy even though the protocol provides the user identity privacy; and 2) the unlinkability is required for delegation-based authentication protocols to provide user privacy. Moreover, we propose an improved protocol with the unlinkability by modifying Lee et al.'s protocol.