In such a scenario, it is relevant that the service provider takes all appropriate measures before any transmission to third parties to ensure that there is no breach of the data protection clauses. The service provider may also enter into separate vendor agreements with guidelines for the protection of “sensitive personal data or information” in accordance with the provisions of the Indian Information Technology Act. Issues related to data ownership, security, and data protection in an IoT environment can reasonably be resolved through contracts between IoT device manufacturers/service providers and IoT users. For example, in 2016, Amazon announced the release of Amazon Dash keys allowing users to order refills for certain household products such as dishwasher detergents, cat food, or Razer blades. The keys connect to the Internet and turn them into IoT devices. In this context, it is necessary in particular to define precisely the distribution of risks and responsibilities between the parties, which party is responsible for any damage suffered by the user of an IoT and to whom the information generated by the IoT project belongs. . . .