Key PointsThe Internet of Things (IoT) creates new security risks that device manufacturers and application developers have not anticipated.The devices that have become part of the IoT enable the storage, analysis, monitoring, and sharing of vast quantities of data with other networked devices and users.Users' privacy is threatened because of their limited control and choice over the collection, retention, and distribution of their data.The risk of an inadequate legal framework regulating the IoT requires urgent action in legal analysis and may require new approaches in legislation.