I think that this is really part of a larger problem that eventually ties back to identity management and account management. That may sound like a strange thing to leap to, but hear me out.
One of the problems I've noticed for years is that it's not easy to keep track of all my accounts. Every time I sign up for a new account or trial, I have to create a new account, create a username, create a password, associate it with an email account, choose security questions, bla bla bla. Dual-factor authentication is supposed to help with some of the security problems associated with all this nonsense, but it also adds another complication to the whole thing. Once all that's done, I need to keep track of all that information that I used to sign up.
It's not so bad for individual accounts, but after a few decades of trying things out, abandoning accounts, signing up for trials that I end up not using, and all kinds of things, I really don't know what accounts I have available on which services, what the usernames are, or which email address they're associated with. When I answered security questions, I don't necessarily know what I answered with-- it asked for my favorite author, but was that my favorite author from 2 years ago or 10 years ago? Did I tell the truth when I answered it, or did I answer with a sarcastic joke answer? I honestly don't know for some accounts. I don't even know, for example, if I still have a MySpace account from roughly a decade ago, that I created, signed into a couple of times, and forgot about.
You're thinking this is completely off-topic, but here's the thing: as you have an "Internet of things", there's a good chance that each of those items are going to have their own account on their own service. You have some program to control your lights at home? That program will need an account. Someone invents a smart-vacuum, and it's internet connected? That'll have it's own account. These days, companies don't want to collaborate and develop standard APIs, common platforms, open protocols, or whatever else. Every company developing an app or a website wants to do it's own thing it's own way, while locking out the competition from interoperability. So now, every new Internet-connected thing is going to add complexity to your online life.
Asking to provide privacy controls to consumers is putting the cart before the horse. Even if you want to provide those controls, you're going to have different controls in different places in different UIs, all across different services with different accounts. Users won't be able to effectively manage those controls even if you provide them. What needs to happen first is that we need to develop some kind of identity management and SSO that begins to shrink the task of managing these various accounts. Once you have something like that, you could create APIs for managing those accounts, opening and shutting down accounts, viewing which private information is available in each account, and restricting/removing the private information as needed.