On June 4, New York legislators passed the One Fair Price Act, a bill that curbs "surveillance pricing" — the practice of using AI and algorithms to mine a shopper's personal data and set an individualized price. With it, New York becomes the third state, after Maine and Connecticut, to legislate against the practice. The bill now goes to Governor Kathy Hochul. Separate from the tariff fight we covered over the weekend, this is the policy thread retailers' technology teams should be reading most closely.
What the bill actually targets
Surveillance pricing, as Consumer Reports describes it, is when a company reviews data like your browsing history, real-time location, or inferred family size and income to decide what price or discount to show you. The concern is straightforward: the same product, two shoppers, two prices, set by a model trying to estimate the most each person will pay.
Crucially, the bill is written to spare the pricing tools retailers consider table stakes. "Part of the bill allows for preserving bona fide discounts," said Beth Finkel, state director of AARP New York — "that means of sales, coupons, loyalty programs. It's what consumers expect and rely on." In other words, your loyalty program and your weekly circular are fine. Training a model on a customer's inferred income to quietly nudge their checkout total is the behavior in the crosshairs.
A patchwork is forming fast
For multistate retailers, the headache isn't any single law — it's the accumulation of slightly different ones. New York already has a surveillance-pricing disclosure law on the books, which took effect in late 2025 and requires businesses to tell consumers when a price was set by an algorithm using their data. The One Fair Price Act goes further, toward restriction rather than mere disclosure.
And the map keeps changing. Maryland recently enacted its own surveillance-pricing ban aimed at AI-driven grocery pricing. Colorado vetoed a comparable bill. California and New Jersey are weighing their own versions. That's the definition of a compliance patchwork: disclosure here, restriction there, a veto somewhere else, and a different definition of "personal data" in each statute.
What it means for retailers and their vendors
The practical takeaway for retail decision-makers is that "personalized pricing" and "personalized marketing" are diverging legally, even though many martech and pricing platforms blur them. A coupon targeted to a loyalty segment is increasingly safe ground. A real-time price that moves based on a shopper's device, location, or inferred wealth is increasingly legal risk — and the risk now varies by state line.
Vendors selling dynamic-pricing and personalization engines should expect procurement teams to start asking harder questions: What signals does the model use? Can it be configured to exclude protected or sensitive inputs by jurisdiction? Can it prove a given price wasn't set using an individual's personal data? Consumer Reports' Grace Gedye warned that Hochul "will no doubt be met with a lot of corporate lobbying to weaken this bill in the months to come," so the final contours in New York aren't settled. But the direction across states is. The era of quietly testing what each shopper will pay is running into law, one capitol at a time — and the retailers who get ahead of it will be the ones who can document exactly how their prices are set.
