Recent technology advancements in the Internet of Things (IoT) are accelerating the development of smart cities, smart grids, precision agriculture, and Industry 4.0 in manufacturing, as well as solve important problems in national security, aged-care, and health. However, the establishment of such IoT solutions dramatically not only increases the number of Internet-connected sensors and other smart devices, but also intensifies the need to provide security and privacy for the data generated by such IoT devices. This presses the need for the development of highly scalable/computationally efficient security mechanisms that prevent unauthorised access and disclosure of sensitive information generated by IoT devices. In this paper, we address this need by proposing a lightweight, yet highly scalable, data obfuscation technique that is based on a combination of digital watermarking and contextualisation. This novel technique provides privacy-preservation of IoT data by permitting controlled perturbation of such data, and incorporates a disclosure privilege mechanism that allows designated users to de-obfuscate perturbed data. To enhance the scalability of this solution we also introduce a contextualisation process that achieve real-time aggregation and filtering of IoT data for any number of designated users and associated privileges. We then assess the effectiveness of the proposed technique by considering a use case in health-care that involves data streamed from various wearable and stationary sensors capturing health data, such as heart-rate and blood pressure. An analysis of the experimental results that illustrate the unconstrained scalability of our technique concludes the paper.