Surveillance Pricing and Algorithmic Pricing — U.S. Regulatory Developments and Enforcement Actions

Introduction

Companies increasingly use sophisticated algorithms and consumer data to set individualized prices for goods and services—a practice commonly referred to as “surveillance pricing” or “personalized algorithmic pricing.” While such practices may offer business advantages, they have attracted significant scrutiny from state legislators and law enforcement officials. This alert summarizes the current legal landscape, including enacted laws, proposed legislation and recent enforcement activity targeting surveillance pricing practices.

Key Takeaways:

• New York requires disclosure when algorithmic pricing uses personal data; California’s CCPA may constrain undisclosed surveillance pricing under its purpose limitation principle.
• California’s proposed AB 2564 would prohibit surveillance pricing outright, with civil penalties up to $12,500 per violation (or three times that amount for intentional violations).
• The California Attorney General has launched an investigative sweep targeting the retail, grocery and hotel sectors—companies should be prepared to respond to inquiries.

What Is Surveillance Pricing?

Surveillance pricing uses a consumer’s personal information to set individualized prices, meaning consumers buying the same product at the same time may be offered different prices. Unless disclosed, such pricing is invisible to consumers who typically cannot compare prices with each other.

Personal data used in surveillance pricing may be collected through “electronic surveillance technology”—including sensors, cameras, device tracking or biometric monitoring—capable of gathering personally identifiable information about a consumer’s behavior, characteristics, location or other attributes in physical or digital environments.

Note that surveillance pricing is distinct from dynamic pricing. Dynamic pricing refers to real-time or near-real-time adjustment of prices based on demand, supply or other factors not specifically tied to personally identifiable data.

Existing State Laws

New York General Business Law Section 349-a

New York has enacted legislation defining “personalized algorithmic pricing” as dynamic pricing set by an algorithm using personal data—i.e., any data that identifies or could reasonably be linked with a specific consumer or device.

Under Section 349-a, any entity using personalized algorithmic pricing to set prices for New York consumers must include a clear and conspicuous disclosure stating: “THIS PRICE WAS SET BY AN ALGORITHM USING YOUR PERSONAL DATA.”

The law provides certain exceptions, including for entities subject to the insurance law or regulations promulgated thereunder; financial institutions or affiliates of financial institutions subject to Title V of the Gramm-Leach-Bliley Act; financial institutions as defined in the financial services law; and prices offered to consumers with existing subscription-based contracts where such price is less than the price set forth in the subscription agreement.

The New York Attorney General enforces Section 349-a by first dispatching a cease and desist letter specifying the alleged violation and remedies. If violations continue, the Attorney General may seek injunctive relief and civil penalties of up to $1,000 per violation.

California Consumer Privacy Act (CCPA)

While the CCPA does not expressly prohibit surveillance pricing, its “purpose limitation principle” limits a business’s use of personal information to purposes consistent with consumers’ reasonable expectations. Businesses using data to set individualized prices without disclosure may be violating California law.

Proposed Legislation

Congressional Bills

Congress has not yet taken a close interest in surveillance or algorithmic pricing, though two bills, the One Fair Price Act, and the Stop AI Price Gouging And Wage Fixing Act, would ban surveillance pricing. Other bills, such as the Stop Price Gouging in Grocery Stores Act, attempt to ban more narrow uses of surveillance pricing. While these bills have attracted some bipartisan support, none appear close to passage.

California Assembly Bill 2564

California Assembly Bill 2564, introduced February 20, 2026, would prohibit retailers from engaging in surveillance pricing—defined as setting customized prices based on personally identifiable information collected through electronic surveillance technology, including data acquired from third parties.

The bill provides several exceptions. A retailer does not engage in prohibited surveillance pricing if:

• The difference in price is based solely on costs associated with providing the good to different consumers.
• A discounted price is offered based on publicly disclosed eligibility criteria that any consumer could potentially meet, including signing up for a mailing list, providing personal information, registering for promotional communications or participating in a promotional event.
• A discounted price is offered to members of a broadly defined group, including teachers, active or retired military, senior citizens, students or residents of a certain area based on publicly disclosed eligibility criteria.
• A discounted price is offered through a loyalty, membership or rewards program that consumers affirmatively purchase or enroll in.
• Random variations in prices to different customers using a website, mobile application or comparable online technology.

Enforcement actions may be brought by the Attorney General, district attorneys, certain city attorneys or county counsels. Violators would be subject to civil penalties of up to $12,500 for each violation, with each violation constituting a separate violation with respect to each consumer or transaction involved. For intentional violations, the penalty may be up to three times that amount plus all revenues earned from the violation. Consumers may also bring actions for injunctive relief, and prevailing plaintiffs are entitled to reasonable attorney’s fees and costs.

The bill declares that any waiver of its provisions is against public policy and is void and unenforceable. Additionally, the rights, remedies and penalties established by the bill are cumulative and do not limit or diminish rights, remedies or penalties established under other laws.

Enforcement Activity

Congressional Oversight

On March 5, 2026, the House Committee on Oversight and Government Reform began an investigation into the use of surveillance pricing. The Committee sent letters to several companies in the travel and hospitality industry seeking information related to alleged use of consumer data to set prices.

California Attorney General Investigation

On January 27, 2026, California Attorney General Rob Bonta announced an investigative sweep focused on businesses’ use of consumers’ personal information to set targeted, individualized prices for products and services. As part of the sweep, the California Department of Justice is sending letters to businesses with significant online presence in the retail, grocery and hotel sectors.

The letters request information regarding how businesses use consumer data (shopping history, browsing history, location, demographics) to set prices, as well as policies and disclosures regarding personalized pricing, any pricing experiments and compliance measures.

Attorney General Bonta stated: “Practices like surveillance pricing may undermine consumer trust, unfairly raise prices, and when conducted without proper disclosure or beyond reasonable expectations, may violate California law.”

Federal Trade Commission Activity

In July 2024, the Federal Trade Commission (FTC) sought information on surveillance pricing from eight companies that provided surveillance pricing products to businesses. The FTC subsequently published a summary of its research, to which Chair Andrew Ferguson and then-Commissioner Melissa Holyoak dissented, reasoning that the conclusions drawn in the summary were premature. The FTC has closed public comment on a request for information regarding retailers’ use of surveillance pricing.

Key Takeaways

Companies that use or are considering using surveillance pricing or algorithmic pricing practices should consider the following:

1. Assess Current Practices

• Conduct a comprehensive review of pricing practices to determine whether consumer personal data is being used to set individualized prices.
• Examine whether third-party vendors or technology providers are collecting or using consumer data for pricing purposes.
• Map data flows to understand what personal information is being collected and how it informs pricing decisions.

2. Evaluate Compliance with Existing Laws

• New York: Comply with Section 349-a’s disclosure requirements when using personalized algorithmic pricing.
• California: Ensure that use of personal information for pricing purposes is consistent with the reasonable expectations of consumers under the CCPA’s purpose limitation principle.

3. Review Privacy Policies and Disclosures

• Review privacy policies to ensure they accurately describe how consumer data is used, including for pricing purposes.
• Update consumer-facing disclosures to reflect current practices.
• Consider that transparency may help establish that data use is within consumers’ reasonable expectations.

4. Prepare for Enforcement

• High-Risk Sectors: Companies in retail, grocery and hotel sectors are currently targets of the California Attorney General’s investigative sweep.
• Ensure relevant documents and information regarding pricing practices are organized and accessible.
• Establish protocols for responding to investigative requests promptly.

5. Document Business Justifications

• Document business justifications for any price variations to support potential defenses if challenged.
• Note that under California’s proposed AB 2564, certain pricing variations are permitted:
  • Price differences based solely on costs of providing the good to different consumers.
  • Discounts based on publicly disclosed eligibility criteria.
  • Loyalty, membership or rewards program pricing.

* * *