In other words - the backlash over excessive data storage and retention is very much good thing, but let's be careful to try keep things in perspective a bit. Otherwise we run the risk of people not taking us seriously when it actually matters.
as we learn time and time again with this kind of thing, the scary things don't come from the data and metrics that they want, the scary things come as a form of collateral damage that occurs when the company does whatever they have to do in order to harvest the metrics that they're interested in.
Here's a devils' advocate leap that isn't too far from the realities of IoT devices: Company X's telemetry function is broken, allowing arbitrary remote code execution. The IoT device receives a command that causes property or personal damage -- or it becomes a node in a much larger destructive network.
These things happen when features get packed in faster than the security can follow.
Yeah, yeah, the Weber product is just a thermometer. It can still be a node in a malicious network, given attacker incentive.
This is a poor example -- it's an interface that accepted and expected inputs -- but I think it serves as a good example of IoT doing security wrong.
Now imagine what could be inferred from your meat grilling data.
I am not saying that that people go around doing nefarious things with your meat grilling data. In fact, there is a very good chance that it is not even being collected. Yet we live in a world that is hungry for data of virtually any type and in any form, which makes both data collection and nefariousness a possibility when that data is being handled by an Internet connected device. Personally, I find that possibility creepy - even if no harm is being done.