Abstract In traditional Internet of Things (IoT) systems, users are unable to authorize and/or deauthorize the collection of user data. Hence, the problem of the absence of user autonomy in IoT systems. The project aims to tackle this problem by suggesting a human-centered privacy-by-design option in the design and implementation of IoT systems. It aims to prioritize the need for the privacy of the user in designing IoT systems. It proposes to do this through the provision of user autonomous commands that enable the user to opt out of the collection of a particular data type and restore the collection of that data type at will. A Smart Home was built and designed, as the IoT system, for the proof of concept. Various data types were collected at the edge level and three of them (audio, image and temperature) were selected to be transmitted to a remote NoSQL database. Through the user web application, the user was able to authorize and/or deauthorize the transmission of data types by choice. In addition, the user was given access to view a user-friendly presentation of the cloud database, to validate the execution of their autonomous actions taken. This was demonstrated in several use case scenarios. The results shown from this research illustrate that user autonomous actions for privacy can successfully be implemented in the design of IoT systems.