Honestly, the law is still trying to decide if a toaster counts as a data broker. Regulations like GDPR or CCPA hit the big players, but tiny smart lights? They slip through. The only thing that keeps up is a good firewall and a DIY privacy layer—block the unnecessary cloud endpoints, roll your own local server, and log everything. If you’re not already using a VPN on your Wi‑Fi and you haven’t written a simple script to scrub telemetry, you’re giving the law a free pass to ignore you. In short, law lags, hardware moves fast, so you’ll need to keep your network diagrams tidy and your firmware tight.