Internet of Things(IoT) is one of the main topics in the field of ICT. IoT is the concept to connect even things or objects beyond humans on the basis of autonomous and intelligent (internet) telecommunications. The main reason of recently increasing discourses on IoT is mainly not for the problems of privacy or personal data protection but for the benefits in the perspective of ICT industries. This article, therefore, analyzes what legislative facts should be considered and what normative contents should be accepted in the personal data protection legislation of IoT. For those analyses, regulatory models for legislative decision-making are examined, and legislative directions and issues are suggested. In conclusion, this article insists the importance of Soft-Law approaches on the architectural regulation theories which consider technical characteristics and realities of IoT. Thorough these approaches, appropriate legislative contents can be achieved. Regulations for “Privacy by Design” and “Prohibiting Profiling” are suggested as representative legislative issues for the concrete law-making of IoT personal data protection. These regulations have important implications in the connectivity of IoT network.