Our houses and stores are getting smarter every day, with the addition of everything from “smart shelves” to track inventory to fridges you can peek into on an app on your phone if you’re at the grocery store and forget whether you picked up milk already. But that technology can have some big drawbacks — especially when it comes to privacy.

California lawmakers are trying to rectify that — at least in part. Sen. Hannah-Beth Jackson (D-Santa Barbara) has proposed Senate Bill 327, appropriately nicknamed the “Teddy Bear and Toaster Act.” This bill would require manufacturers to design their products to alert customers when the product is gathering data, either through visual cues like lights or audio prompts. The devices would also have to get consent from the user before transmitting any information that’s been collected. And manufacturers would have to disclose whether the products are capable of collecting particularly sensitive data like location or health information. Additionally, manufacturers would be required to keep customers apprised of patches and other security software updates.

This bill would only bridge part of the gap in protecting consumer data. Many “smart” products currently on the market lack basic cybersecurity features, leaving them vulnerable to hacking or cyberattacks. The bill doesn’t specifically require manufacturers to beef up their security. Some toymakers have already contended with this very issue. CloudPets makes stuffed animals that can play and record messages through Bluetooth technology. Last December, the CloudPets database was breached, leaking e-mail addresses, passwords, and even direct links to audio recordings. The vulnerability that caused the leak was quickly fixed, but as database security improves, so does the sophistication of cyber-attackers, leaving even intentionally-captured data as a target for hackers.

The data captured by smart-devices may not just end up in the hands of hackers – it could end up in the hands of law enforcement. In a 2015 murder case, police issued a warrant for records for an Amazon Echo device belonging to the suspect. The police hoped that someone (purposefully or accidentally) said the Echo’s “wake up” word near the time of the murder, triggering the Echo to create and store an audio recording. Police in that case also used a “smart” water heater to determine that an unusually large amount of water was used in the early morning hours of the day in question – purportedly to clean up the crime scene. Sen. Jackson’s bill doesn’t contemplate how this data may be accessed or used by law enforcement in investigating crimes.

Although the Teddy Bear and Toaster Act only addresses a very small portion of the data privacy concerns raised by the ever-growing Internet of Things, Sen. Jackson and other California lawmakers see it as the first step in leading the charge towards improved privacy and security in the modern era.