Alternate analogy: an IoT thermometer vendor sells you a device to track temperature in your room, but you decide to stick it up someone's butt. Will the IoT vendor know the temperature reading is personal and rectal? Should they be held liable for not proactively attempting to scrub-out numbers which may represent gluteal climate?
It seemed flawed on first reading but I think this analogy holds if one assumes (for the sake of argument) that it’s Definitely Illegal to be accepting these readings. It would be pretty hard to be sure about filtering out arbitrary strings of numbers (ie SSN) when one is also intending to accept such strings.
Alternate analogy: an IoT thermometer vendor sells you a device to track temperature in your room, but you decide to stick it up someone's butt. Will the IoT vendor know the temperature reading is personal and rectal? Should they be held liable for not proactively attempting to scrub-out numbers which may represent gluteal climate?