The European Parliament has released here a draft report on a proposed regulation on privacy and electronic communication. This report is long and technical, but it does describe at least encouraging a variety of measures to protect the privacy of electronic communications, such as enryption. It also specifically mentions metadata as worthy of privacy protection.
This report probably is intended to cover email, social media, etc. But it does seem to me that much of the language is general enough to cover all sorts of other communications. Messages and data samples from IoT devices are, after all, electronic communications. The data and control packets on a distributed control bus are also electronic communications.
Commuication within and between IoT and CPS devices and systems deserve privacy. A large body of work has shown that quite a bit can be inferred about a person and their activities from a small number of samples. However, these systems often run in real time and under power constraints. The encryption and privacy techniques appropriate to IoT and CPS are, in general, quite different from those for information technology (IT) systems. Let's hope that privacy protections cover all the bases and do so in a manner appropriate to the wide ranging ways in which we use computers.