This paper describes a method aimed at automatically determining security services to be implementedin products, services and devices involved on the Internet of Things scenarios. It is important toconsider the specific context, legislative diversity and nature of the information since its main objective is to have correct and fair data processing that avoids users in perceiving any danger to their privacy. This paper gives a brief overview based on several types of security threat scenarios. It tries tointroduce “Utility Matrix” concept that connects involved users, their security needs, and legal imperatives all together. Based on “Utility Matrix”, an expert system is proposed in order to automatesecurity service decisions and solution for personal data protection on the area of Internet of Things. Different approaches are presented, and several applied use cases are given for AWARE product, such as application. This automated system is in the development phase. Nevertheless, this project has toconnect areas of the Industry to the judicial and technology, taking into account that users are in themiddle of the scenario. As a result of this project, a certificate of personal data protection to users and companies could be obtained. It could be a tool to simulate and evaluate the impact of new services, new laws, and new needs in technology and research.