"The framework also includes the following minimum requirements:
Don't hide the privacy policy – demanding that someone wait until after buying a product before they see the privacy policy is a no-no, and consumers need to know the impact of opt-in or opt-out decisions on a product or service.
Make the privacy policy readable – the OTA notes that this includes the user interface design presenting the policy. Since a home sensor or a fitness tracker lacks the user interface, vendors should keep in mind that the policy will be read on another device.
Tell people what you're collecting – or as the framework puts it, “Manufacturers must conspicuously disclose all personally identifiable data types and attributes collected.”
IoT vendors' promiscuous attitude to data sharing is frowned on – data should only be shared with third parties who agree to keep it confidential, and only for limited purposes.
Tell consumers how long you're keeping their data."
Well that would rule out Microsoft's Windows 10 wouldn't it then?
"Yes," said Arthur, "... It was on display in the bottom of a locked filing cabinet stuck in a disused lavatory with a sign on the door saying 'Beware of the Leopard'."