A network-connected device (such as an “internet of things” device) that periodically transmits data to recipient devices (e.g., smartphones, tablets, laptops) may be protected by a firewall that include software firewall elements, hardware firewall elements, or some combination thereof. The firewall may intercept datasets sent by the network-connected device, inspect the datasets, and categorize data within each dataset as belonging to one of a number of previously-identified data categories, such as personal data, location data, behavior data, or energy data, or as not belonging to any recognized data category. Rules within firewall policies may indicate whether data of each data category is to be allowed to be sent to the recipient devices or to be blocked from being sent to the recipient devices, for example allowing a firewall to block transmission of location data. Data not belonging to a recognized data category is sent to a support system for classification.