Oh really ?
"or when Chinese IoT products and services transfer US customer data back to China, where the government retains expansive powers to access personal and corporate data."
Because the US government does not have "expansive powers to access personal and corporate data" ? That's news to me.
Of course, I realize that this is a US report on "dangers" to US citizens with China-manufactured IoT stuff, but I think that, for the international audience reading it, it would be good to re-read that paragraph with the proper placeholders, like thus :
"or when foreign IoT products and services transfer your data back to that country, where the laws on personal and corporate data may not be in your best interest."
Then maybe you'll think twice about that FitBit, or that POS "smart" lock that you have somehow convinced yourself that you need.
As far as I'm concerned, IoT is a world of badly implemented useless or bad ideas. I'll stay well away from it, but this report is just another nail in the coffin.