Enforcement Landscape Heightens Risk Around Surveillance Pricing in California and at the ...

Alert 12.22.25

Alert

02.24.26

California has entered 2026 with an aggressive enforcement posture toward surveillance pricing—the practice of using consumer personal information to set individualized prices for goods or services. The California Attorney General (AG) has explicitly linked this practice to potential violations of the California Consumer Privacy Act, as amended,** (CCPA)** and has begun formal investigative sweeps targeting businesses across retail, grocery and hospitality sectors. Meanwhile, California’s parallel antitrust reforms (AB 325) targeting algorithmic pricing deepen legal exposure for companies that use shared or data‑driven pricing systems.

This alert outlines the legal risks businesses face and recommended steps to mitigate exposure.

Enforcement Focus: California AG Targets Surveillance Pricing Under the CCPAOn Data Privacy Day 2026, Attorney General Rob Bonta

Regulators emphasized that:

Practical TakeawaysCompanies should inventory and evaluate whether their personalized pricing models rely on processing that (i) has not been adequately disclosed, (ii) lacks a clear nexus to the original purpose of data collection, or (iii) deviates from reasonable consumer expectations.

Federal Trade Commission (FTC) ReviewThe FTC has also focused on surveillance pricing.

In July 2024, the FTC launched its Surveillance Pricing 6(b) study to “catalog the types of data that companies use to fuel their algorithms and where that data is sourced” and “enhance the agency’s understanding of what industries … are using these pricing technologies.” In lay terms, the FTC seeks to reveal the impacts surveillance pricing has on consumers by arming them with more information on who can track their data and how their data is tracked.

What Does This Mean for Businesses?As noted by the FTC, Section 6(b), 15 U.S.C. Sec. 46(b), empowers the Commission to

In other words, businesses could be subject to these types of investigations *even if *they are not suspected of doing something “illegal”—simply to educate the consumer on how their data is being used for the benefit of the business.

The Test-Run: Grocery StoresWhile the FTC identified many different types of consumer-facing businesses using “surveillance data”—like apparel retailers, health and beauty retailers, home goods and furnishing stores, convenience stores, building and hardware stores, and general merchandise retailers such as department or discount stores—one industry has particular attention: grocery stores.

Two U.S. Senators, Jeff Merkley (D-OR) and Ben Ray Luján (D-NM), recently introduced the “Stop Price Gouging in Grocery Stores Act of 2026” (introduced February 12, 2026). The act seeks to “prohibit retail food stores from price gouging and engaging in surveillance-based price setting practices” and reduce use of biometric data, unless the consumers are informed in writing and the biometric data is not sold to or shared with any third party.

If violated, the Act empowers the FTC to subject the grocery store to “penalties” for “unfair or deceptive acts or practices” and “unfair methods of competition.” In addition, the state AG or private citizens may bring a civil action if the interest of the resident(s) is “threatened or adversely affected by [a] violation[.]”* Monetary penalties for such a violation include the greater of either (i) the actual monetary damages incurred or (ii) $3,000 *per violation.* *If the violation was “willful or knowing,” the court may increase the award to three times the amount otherwise available. * *

Not the Only Legislation: Algorithmic Pricing and Wage-Setting BillsOther legislation, like

Just a few months later, in December 2025, Sen. Ruben Gallego (D-AZ) introduced S. 3387, “One Fair Price Act of 2025,” to “prohibit certain uses of automated decision systems to inform individualized prices, and for other purposes.”* *(Emphasis added.) Specifically, the bill concludes that air carriers—including foreign air carriers—and ticket agents shall not engage in surveillance pricing.

Overall ConsequencesSurveillance-based price setting is defined broadly as the “offering, setting, or informing a customized price for an item for a specific consumer or group of consumers, based, in whole or in part, on personal information collected through electronic surveillance technology, including such information gathered, purchased, or otherwise acquired.”

New issues arise with purchasing applications, particularly as businesses attempt to keep up with the evolving technological landscape.

Overlapping Antitrust Risk: California’s 2026 Algorithmic Pricing Framework (AB 325)Surveillance pricing exists alongside California’s newly enhanced antitrust regime, which directly targets

Effective January 1, 2026, AB 325 amended California’s antitrust statute, the Cartwright Act, to provide that:

(For more information, see our prior article and client alert: “How Calif. Law Cracks Down On Algorithmic Price-Fixing,” Law360, and “California Establishes New Criminal and Civil Liability Targeting Shared Pricing Algorithms and ‘Coercion.’”)

Relevance to Surveillance PricingAntitrust risk is highest when pricing tools make it easier for competitors to move prices in the same direction, especially when they rely on shared vendors, pooled data or other features that reduce independent pricing decisions. Although AB 325 focuses on the use or distribution of “competitor data,” the broader enforcement concerns overlap with surveillance pricing:

Companies that use vendor‑supplied pricing tools—particularly those involving pooled datasets—should assess whether their systems implicate the Cartwright Act as amended by AB 325.

Pending Legislation: AB 446 Would Explicitly Ban Surveillance PricingAlthough not yet enacted,

Offering or setting a customized price increase for a good or service for a specific consumer or group of consumers based, in whole or in part, on personally identifiable information collected through electronic surveillance technology.

If adopted in 2026, AB 446 would:

While the bill remains under debate, its existence further reinforces the direction of California policymaking.

*Compliance Implications for 2026 *These recent efforts by the California AG, FTC and legislation in Congress and the California Legislature underscore the increased scrutiny for the use of surveillance pricing and related tools.

Clients—particularly those operating in California—should reassess their pricing, data and algorithmic practices with the following risks in mind:

These features can raise risk when they make it easier for competing companies to use the same inputs or follow similar pricing recommendations, rather than setting prices independently. (For an overview of these concepts, how they can arise in vendor pricing tools and the risks involved, see Pillsbury’s prior coverage, “California’s Aggressive State Antitrust Enforcement Efforts Continue to Grow”; “New California Law Cracks Down on Algorithmic Price Fixing”; and “California Toughens Penalties for Cartwright Act Violations.”)

Recommended Risk‑Mitigation Actions

ConclusionCalifornia, among other enforcers, has entered 2026 with a

[1] For example, Cal. Civil Code § 1798.100(c): “A business’ collection, use, retention, and sharing of a consumer’s personal information shall be reasonably necessary and proportionate to achieve the purposes for which the personal information was collected or processed, or for another disclosed purpose that is compatible with the context in which the personal information was collected, and not further processed in a manner that is incompatible with those purposes.”

[2] See, e.g., Cal. Civ. Code § 1798.100(b) (notice at collection); id. § 1798.130(a)(5) (privacy policy).