This document discusses key challenges around distributed data security and privacy. It notes that sensory data is continuously captured and aggregated across devices and applications, and data is frequently exchanged between intermediaries with different access rights. The goals are to retain control over how data is used once shared, through access control, obligations, and policies. Lessons from other domains suggest protecting data at source, allowing policies to partially follow data based on context, and establishing data sharing agreements between parties. The document introduces the PRiMMA framework for enforcing privacy policies on devices and learning policies from user behavior.