Key Takeaways:
Maryland's new law banning grocery stores from using personal data to set individualized prices has ignited a wave of state-level legislation that could reshape how retailers deploy AI-powered pricing tools across the US economy.
Maryland in April enacted the Protection From Predatory Pricing Act, becoming the first state to prohibit large grocery retailers and third-party delivery services from using consumer data — including purchase history, browsing behavior, and location information — to charge different prices to different shoppers for the same food item. The law takes effect Oct. 1 and applies to any retailer or delivery platform operating in the state.
"The concern is not whether prices fluctuate, but whether AI systems use personal consumer data to charge different prices to different shoppers for the same grocery item," wrote Sandy Grimm, a partner at Burr & Forman and former chief legal officer at Southeastern Grocers, and Elizabeth Shirley, a data privacy partner at the same firm, in a June analysis. The distinction between traditional dynamic pricing — which adjusts based on broad supply and demand — and surveillance pricing, which targets individual willingness to pay, is becoming central to the regulatory debate, they said.
The legislative push extends well beyond Maryland. More than 50 bills across at least 26 states have been introduced in 2026 addressing pricing practices that involve analyzing consumer data through AI or other automated tools, according to a tally by the global data privacy and cybersecurity group at law firm Covington. New York's disclosure law, which took effect in November 2025, requires companies to reveal when they use personal data to set prices, and state legislators have introduced two new bills that would ban the practice outright. California is considering a statewide ban moving through committee. Connecticut's legislature approved a sweeping consumer privacy bill in May that includes new rules for surveillance pricing.
Colorado's veto highlights the regulatory fault line
Colorado Governor Jared Polis on Tuesday vetoed what would have been the nation's strongest surveillance pricing ban, writing in a public letter that the measure was overly broad and would "inadvertently capture innocuous uses of technology that in no way harms — and indeed benefits — consumers and workers." The bill would have applied across all industries and covered wages, not just consumer prices, making it far more expansive than Maryland's grocery-specific law.
The veto drew sharp criticism from consumer advocates. "Governor Polis had an opportunity to stand with working Coloradans, but instead chose to side with the dominant corporations using invasive surveillance data to pick their pockets," said Pat Garofalo, director of state and local policy at the American Economic Liberties Project. This marked the second time in 12 months that Polis blocked a surveillance pricing bill; in 2025, he vetoed a measure targeting rent-setting algorithms used by landlords.
The Colorado debate exposed a key tension in the regulatory approach. Maryland's law, while historic, was criticized by some advocates as riddled with industry carveouts. It did not address the loophole where a company could raise prices for everyone and then offer individualized discounts — a practice Colorado's broader bill would have prohibited, according to McBrien at the Electronic Privacy Information Center.
Federal scrutiny adds another layer of risk
At the federal level, the House Oversight Committee launched a personalized pricing investigation in March, sending document requests to a range of companies about their pricing practices. A committee spokesperson said the investigation is continuing. The Federal Trade Commission released initial findings of its own surveillance pricing investigation in early 2025, determining that companies were selling pricing and consumer-data tools to help retailers set individualized prices across various industries.
On May 18, a bipartisan group of 16 state attorneys general wrote to the FTC about online food delivery fees, asking the agency to "address unfair and deceptive pricing practices across the economy," including surveillance pricing. The current FTC chair, Andrew Ferguson, has characterized the previous administration's surveillance pricing report as a rush job, suggesting limited federal enforcement under the current administration.
The practical impact of these laws will likely be felt most heavily in e-commerce and delivery platforms rather than traditional stores, where shelf prices are visible to all shoppers. Digital commerce systems can dynamically present individualized prices, discounts, and fees in real time based on consumer-specific data — creating greater opportunity for pricing practices that regulators may target.
For multi-state grocery operators, the compliance challenge is compounded by inconsistent state vocabularies. Terms such as "dynamic pricing," "algorithmic pricing," "personalized pricing," and "surveillance pricing" are often used interchangeably even though they may regulate different conduct. A pricing system that complies in one jurisdiction could create legal exposure in another, particularly as states like California, Colorado, Illinois, Massachusetts, New Jersey, and New York all consider their own versions of regulation.
The reputational stakes are equally significant. Consumers generally tolerate surge pricing in discretionary contexts such as ride-sharing or travel. Grocery pricing involves essential household goods, and public reaction may be far more negative if shoppers believe retailers are using personal data to determine who can be charged more for food. That perception is helping drive the momentum behind state legislation, and the current wave of bills suggests Maryland's law is unlikely to remain unique for long.
This article is for informational purposes only and does not constitute investment advice.
