The proliferation of the Internet of Things (IoT) has intensified risks of sensitive data exposure, necessitating systematic privacy-preserving mechanisms. This work proposes AURA-IoT, a multi-layered framework that, for the first time, integrates AI-driven privacy risk assessment into a unified architecture by synergizing adversarial robustness, explainability, dynamic consent, and policy enforcement. Grounded in the IEEE digital privacy model, the framework establishes a five-category taxonomy of IoT privacy risks and systematically incorporates privacy-enhancing technologies (PETs)—including federated learning, differential privacy, blockchain, cryptographic techniques, and reinforcement learning—to evaluate the efficacy of existing approaches. AURA-IoT thus offers an innovative paradigm and practical pathway toward trustworthy, controllable, and regulatory-compliant privacy governance for next-generation IoT ecosystems.

Privacy has always been a critical issue in the digital era, particularly with the increasing use of Internet of Things (IoT) devices. As the IoT continues to transform industries such as healthcare, smart cities, and home automation, it has also introduced serious challenges regarding the security of sensitive and private data. This paper examines the complex landscape of digital privacy in IoT ecosystems, highlighting the need to protect personally identifiable information (PII) of individuals and uphold their rights to digital independence. Global events, such as the COVID-19 pandemic, have accelerated the adoption of IoT, raising concerns about privacy and data protection. This paper provides an in-depth examination of digital privacy risks in the IoT domain and introduces a clear taxonomy for evaluating them using the IEEE Digital Privacy Model. The proposed framework categorizes privacy risks into five types: identity-oriented, behavioral, inference, data manipulation, and regulatory risks. We review existing digital privacy solutions, including encryption technologies, blockchain, federated learning, differential privacy, reinforcement learning, AI, and dynamic consent mechanisms, to mitigate these risks. We also highlight how these privacy-enhancing technologies (PETs) help with data confidentiality, access control, and trust management. Additionally, this study presents AURA-IoT, a futuristic framework that tackles AI-driven privacy risks through a multi-layered structure. AURA-IoT integrates adversarial robustness, explainability, transparency, fairness, compliance, dynamic consent, and policy enforcement mechanisms to ensure digital privacy, security, and accountable IoT operations. Finally, we discuss ongoing challenges and potential research directions for integrating AI and encryption-based privacy solutions to achieve comprehensive digital privacy in future IoT systems.