If you need that ... you are doing it wrong (Score 1)

If you need to define privacy rules like that from the political side, it's because your general design is wrong.

Posting ALL data from devices to a central server based on a timer from the lowest common denominator of the systems needing the data is a simple and very NAIVE design approach of such a system...

Other methods include using P2P technology as found in VoIP/Skype etc. systems. This way only data-sources that the end-user accept and authenticate can initiate remote data-acquisition. Yes this is possible even on the smallest MCU's.

/Carsten