Businesses using algorithms and personal data to set prices are grappling with an increasingly fragmented set of risks. What began as a niche consumer protection issue has entered the mainstream, with lawmakers, regulators, and plaintiffs' lawyers all converging on personalized pricing. 

Where early proposals focused on transparency, requiring businesses to disclose when using personal data to algorithmically determine prices, several states have imposed more substantive restrictions on how businesses may use personal data in pricing decisions, if at all. At the same time, lawmakers continue to struggle with how to regulate personalization without inadvertently outlawing ordinary discounts, loyalty programs, or dynamic pricing practices that consumers generally expect and enjoy. 

Two basic frameworks had begun to emerge, New York's disclosure-focused model and Maryland's industry-specific prohibitions (which we previously covered here).  Recent months, however, have provided some clarity into how state legislators – and now the plaintiff's bar – are refining and expanding efforts to regulate data-driven pricing practices.

Connecticut Privacy Amendments Expand Into Pricing

Connecticut continues to augment its comprehensive privacy law through SB 4, signed by Governor Ned Lamont on May 27, 2026. The amendment contains personal data-driven pricing regulation, combining New York-style disclosure obligations with Maryland-style targeted prohibitions. 

First, it requires any business using a “price setting device,” or any automated process that uses personal data to establish prices, to include a disclosure that “THIS PRICE WAS INCREASED BY A PRICE SETTING DEVICE USING YOUR PERSONAL DATA,” or substantially similar language. In doing so, Connecticut adopts a narrower version of the New York model, which requires disclosures whenever personal data resulted in any price difference, not solely increases.

Second, the law flatly prohibits retail sellers and third-party delivery services from engaging in surveillance pricing, or setting customized prices using consumers' personal data collected through technologies such as device tracking, sensors, geolocation tools, or biometric monitoring.. A “retail seller” is a business engaged in consumer retail sales of tangible goods, creating a broader-reaching prohibition than in Maryland's law.

Like similar state laws, Connecticut exempts a wide range of common pricing practices, including: loyalty and rewards programs; member discounts; discounts tied to broad customer categories (e.g., veterans, seniors, teachers); dynamic pricing justified by supply-demand conditions; and pricing differences tied to operational factors such as delivery distance or timing.

New York Legislature Overhauls Its Algorithmic Pricing Disclosure Law

Just as Connecticut borrowed from New York's notice framework, New York itself is now pivoting toward outright substantive restrictions. 

On June 4, 2026, the New York legislature passed the One Fair Price Act (S8623A), which amends the earlier 2025 law to prohibit businesses from using algorithms that rely on personal data to offer different prices for the same goods or services. It additionally prohibits disclosing personal data for the purpose of facilitating surveillance pricing, potentially imposing liability on third-party data providers.  New York similarly attempts to narrowly tailor its law by carving out loyalty and rewards programs, military and senior discounts, promotional pricing, discounts based solely on prior purchase history, and certain marketplace-specific discounts. 

The bill escalates penalties from a maximum of $1,000 per violation to up to $5,000 for first violations and up to $20,000 for subsequent violations, or disgorgement of profits, whichever is greater. 

If enacted, the One Fair Price Act represents a sea change in data-driven pricing regulation: a substantive, Maryland-style prohibition with near-general applicability.

Governor Hochul has until the end of this year to sign or veto the law, which has thus far garnered support from the New York Attorney General. 

Colorado Governor Vetoes Surveillance Price & Wage Bill

Not all efforts to rein in such pricing practices have been successful. 

In May, the Colorado legislature passed HB26-1210, a weighty bill targeting the use of certain algorithms and personal data in individualized price and wage setting. Governor Jared Polis vetoed the bill, citing concerns about its breadth and potential for unintended consequences. 

In his veto statement, he highlighted a fundamental challenge confronting lawmakers in this area: how to craft a bill that doesn't inadvertently preclude providing bona fide lower prices. Inherently, differential pricing cuts both ways: offering one consumer a lower price means another pays more for the same product or service. Legislators therefore must either designate certain forms of price differentiation to be socially and politically acceptable, or draft laws more narrowly focused only on price increases. Increasingly, states like Connecticut and Maryland appear to be choosing the latter, administratively simpler approach. 

Class Actions Arrive

Not to be left behind, the plaintiffs' bar has also keyed in on pricing practices, bringing claims under state wiretapping and consumer protection laws. For more information and analysis, I will point you to my colleague Peter Devlin's excellent coverage on our Class Action blog: Surveillance Pricing Class Actions Are Here.

Compliance Considerations and Looking Ahead

For businesses using algorithmic pricing, personalization, or dynamic pricing tools, several themes are beginning to emerge

• Build out pricing governance. Businesses should know the categories of personal data they use in pricing models, and be able to categorize every price differential as either subject to these laws or exempt (and why).
• Evaluate loyalty and discount programs. Nearly every law in this area attempts  to preserve bona fide discounts, rewards programs, and broadly available promotional pricing, so businesses should ensure their programs satisfy definitions and requirements under these and, where applicable, state privacy laws.
• Coordinate privacy and pricing compliance. Responsible teams need to work together.
• Audit downstream uses. New York’s proposed restrictions on sharing personal data for surveillance pricing purposes underscore that liability may increasingly extend beyond the entity displaying the price itself.
• Review disclosures and communications. Some states are beginning to converge around mandatory disclosure requirements for certain forms of personalized pricing, although without uniform requirements for wording, scope, or presentation.

These developments represent only a sampling of recent activity of pricing space. Still looming are FTC and congressional scrutiny, state rules touching automated decision-making, profiling, and discrimination, reference pricing issues, and antitrust. Safe to say things will change before our next personalized pricing roundup.