So I'm not entirely sure I can trust that there will be useful regulation, but it's definitely an area where useful regulation is desperately needed. Smart everything in the privacy of your home sounds great until you look at how absurdly huge of an attack vector they create. The data exfiltration is bad on its own, but the possibility of deliberate back doors with minimal consequences for lesser known brands is out there, and even "credible" brands mostly don't put near the effort into security they should.
Ideally I would make it a requirement that devices could be configured to never phone home (and published APIs or used standardized ones for self hosting). It won't happen, but without it the companies willing to subsidize devices to be spyware have a massive competitive advantage.