"internet of things" are collecting data on consumer behavior but consumers have no informed consent, no standard rules to expect, and usually no options over the licensing protocols. Borrowing from standards intellectual property agreements, we can establish norms -- "rules of engagement" -- that give consumers more control over the data they are creating. At a minimum, these should include control over who has acces rights, terms for holding and use of data, and level of identification. Examples are provided.