Surveillance Pricing: A Burgeoning Privacy Issue

Key Takeaways

• Surveillance pricing is emerging as a frontline privacy and consumer protection issue. Regulators are scrutinizing how businesses use personal data to set individualized prices, raising risk under laws like the CCPA and state consumer protection statutes.
• California’s attorney general has launched a sweep into surveillance pricing practices. Additionally, New York now requires clear algorithmic pricing disclosures, indicating a broader national trend toward transparency mandates and potential restrictions.
• Businesses should proactively audit pricing models and vendor tools. Companies in retail, travel, hospitality, and other consumer-facing sectors should evaluate whether personal data influences pricing, update disclosures, assess third-party tools, and monitor legislative and enforcement activity to mitigate regulatory risk.

Surveillance pricing — also known as data-driven, dynamic, personalized, or algorithmic pricing — refers to businesses’ use of consumers’ personal data to set targeted, individualized prices for the same product or service. The practice leverages personal information including precise location, demographics, browsing history, device data, and even mouse movements and abandoned online shopping carts to tailor prices to individual consumers based on their estimated willingness to pay. With legal implications at the intersection of consumer protection, privacy, artificial intelligence, and antitrust law, this practice has garnered the attention of regulators and lawmakers.

California AG Announces Surveillance Pricing Sweep

Most recently, California Attorney General (“AG”) Rob Bonta announced an investigative sweep focused on companies engaging in surveillance pricing. The AG made the announcement on January 27, 2026, in honor of Data Privacy Day, linking the sweep to the California Consumer Privacy Act (“CCPA”). According to the announcement, surveillance pricing practices may violate the CCPA transparent notice and purpose limitation requirements that mandate companies (1) disclose how they use personal information; and (2) only use personal information for purposes that are consistent with the reasonable expectations of consumers. The stated focus of the sweep is on the retail, grocery, travel, and hotel sectors. As part of the sweep, the California Department of Justice is sending letters to businesses requesting information about their online pricing practices. The sweep represents a novel use of comprehensive state privacy laws to address surveillance pricing.

FTC Surveillance Pricing Study

Under the previous administration, the Federal Trade Commission (“FTC”) showed a strong interest in this issue, undertaking a surveillance pricing market study. Prior to the change in administration, the FTC issued initial findings from the study, which explored various surveillance pricing tools in the marketplace. Current FTC leadership, however, has signaled that the study is no longer a priority. Meanwhile, consumer watchdog groups have undertaken their own studies and shown concern.

New York Disclosure Law

Effective November 10, 2025, New York’s Algorithmic Pricing Disclosure Act requires companies using personalized pricing algorithms to provide clear and conspicuous disclosure when offering goods or services to consumers in New York, subject to certain exceptions. The mandated statement, “THIS PRICE WAS SET BY AN ALGORITHM USING YOUR PERSONAL DATA,” must be displayed prominently alongside the price.

Across the country, other states have introduced bills seeking to regulate surveillance pricing — some mandate disclosures, while others propose to ban the practice altogether. Several jurisdictions have passed, or are considering, laws targeting the practice in specific industry sectors such as groceries, event tickets, and rent-setting.

Considerations for Businesses

Given increased regulatory scrutiny and the possibility of a broad interpretation of algorithmic pricing, even lawful price variations could draw attention from regulators if they can be linked to personal data. Businesses should consider taking the following steps to assess and address the risk profile of their pricing practices:

• Review current pricing models and identify any variables tied to consumer personal data.
• Document the reasoning behind pricing models to clearly explain how changes occur and determine whether personal data is a factor.
• Update privacy policies and other notices and disclosures, as needed, to ensure transparency around pricing and compliance with disclosure obligations (e.g., New York).
• Carefully scrutinize any third-party providers of surveillance pricing tools to understand how they address legal concerns around consumer protection, privacy, AI, and antitrust.
• Audit surveillance pricing tools for compliance with set parameters.
• Monitor the legislative and enforcement landscape and be prepared to tailor compliance strategies as needed.

For guidance on risk mitigation strategies regarding surveillance pricing, please contact AGG Privacy & Cybersecurity partner Erin Doyle or another member of the Privacy & Cybersecurity team.