This paper presents a two level ECC-based group key agreement scheme with privacy-preservation, where a group manager can easily setup a secure protocol in a public network to let the intended group members share an authenticated session key without disclosing their identities in the subsequent communication. To protect privacy, the proposed scheme provides the property of user anonymity, an adversary can not intercept the information of intended group member's identity and use it to launch some attacks. By using self-certified public keys and based on the elliptic curve cryptosystems (ECC), the proposed scheme not only satisfies the security requirements of perfect forward secrecy, known key security (resistance to known key attacks), implicit key authentication, and key confirmation (explicit key authentication), but also achieves performance efficiency in practices. The proposed protocol can gain much efficiency in saving both the communicational cost and the computational effort as compared to previous works implemented by modular exponentiation, so it is quite suitable to be used for resource-limited mobile devices in mobile internet.