Companies like Google, Amazon and Cisco as well as a raft other companies (it seems like every company has to have an IOT play these days), have based whole business models on selling connected devices that perform functions such as monitoring your home, listening to private conversations and mapping your movements. These devices collect large quantities of personal data, which the companies then analyze and may sell to other companies for a profit. In addition, the security of these devices is increasingly under question, with devices such as Jeeps able to be remote-controlled by hackers, or video cameras able to be viewed by almost anyone.It seems that collecting this valuable private data is the driving force behind IoT adoption – if these companies really cared about improving the privacy and security of these services, we would see open APIs becoming the standard in new product development, rather than declining as they are currently, and much more focus on the security of connected devices.There is clearly a market for services and commodities that respect consumer privacy, transparency and trust. A recent study we conducted saw that over one-fifth of respondents in Europe and the US had stopped using at least one online service due to concerns about data privacy. If businesses continue to pursue this exploitative, shadowy business model we will see more and more people switch off from these online services.Businesses that make use of connected devices to offer services to consumers need to ensure that they have systems and processes in place to protect the consumer data they are storing, whether it’s on the device itself, in transit, or stored in the cloud. While the business case for selling data is strong, businesses need to ensure that this is anonymized and that no individual can be identified through its use. This data needs to be protected on the device by ensuring device security is the primary concern, not an afterthought; in transit and at-rest using strong encryption; and finally consumer consent needs to be prioritized and much more explicit.