The Price of Dynamic and Personalized Pricing—What’s Next?

Dynamic and personalized pricing are reshaping how companies approach revenue optimization, but these strategies now face the headwinds of growing regulatory scrutiny.  As state attorneys general, legislatures, and federal agencies scrutinize these practices, businesses must adapt to a shifting compliance landscape.

What Is Dynamic and Personalized Pricing?

Dynamic pricing refers to the practice of adjusting prices in real time or over short intervals based on external factors such as supply and demand, inventory levels, time of day, or market conditions.

Personalized pricing, on the other hand, involves setting prices for individual customers based on their personal data or behavior.  This can include factors such as browsing history, purchase history, location, or demographic information.  For instance, an online retailer might offer different prices to different users for the same product, depending on their shopping patterns or loyalty status.

Regulators are primarily concerned with personalized pricing and the data used to determine consumer prices.

Regulatory Developments

California’s New Approach

In January 2026, California’s Attorney General signaled a shift from growing concern to active enforcement by launching a broad investigation into how companies use personal data to set prices.  This move is particularly significant for industries like grocery, travel, and retail, where loyalty programs and online shopping histories can yield a wealth of consumer data.

California’s use of the CCPA to examine whether consumers “reasonably expect” their data to be used for pricing is a new and untested application of the existing law.  But aside from potential enforcement actions, this investigation may spur the plaintiff’s bar to consider new and novel applications of the law targeting personalized pricing.

The AG’s investigation should serve as a reminder to companies doing business in California to consider how pricing is determined and to document that decision when AI or other pricing-software is being used to dynamically adjust pricing or offers.

New York’s Disclosure Mandate

Meanwhile, New York’s Algorithmic Pricing Disclosure Act, N.Y. Gen. Bus. Law § 349, et seq., a law that is the first-of-its kind, has set a new benchmark for transparency.  The law, which has thus far survived a constitutional challenge,^[1] requires businesses to inform consumers when prices are determined by algorithms using personal data.  Any company using third-party pricing software, or tailoring discounts based on consumer data is now subject to scrutiny.

The law’s broad definition of “personalized algorithmic pricing” means that even businesses experimenting with dynamic pricing pilots must evaluate their compliance posture.  The U.S. District Court for the Southern District of New York’s endorsement of the law’s disclosure requirement as factual and minimally burdensome suggests that similar mandates may soon appear in other jurisdictions.

Antitrust and Civil Rights Risks

Recent enforcement actions, such as the DOJ’s settlement with RealPage, have brought to the forefront that using algorithmic pricing tools, while not inherently unlawful, carries real risk.  It highlights that the DOJ is watching for signs of “hub-and-spoke” collusion between companies, especially in industries where a handful of vendors dominate the market

Civil rights and consumer protection concerns are rising.  Regulators are increasingly attentive to whether pricing algorithms, even if facially neutral, result in disparate outcomes for protected groups.  To the extent that any pricing algorithm, trained on historical data, consistently charges higher fares in neighborhoods with large minority populations, such outcomes could trigger investigations or lawsuits under state or federal anti-discrimination laws.

Other State and Federal Activity – New Legislation

• California AB 325: Effective January 2026, this new law prohibits collusion using pricing algorithms.  In addition, the new law also creates liability for coercing others to adopt a “common pricing algorithm.”
• Connecticut HB 8002: Effective January 2026, this new law targets use of revenue management devices (software using programmed or automated processes) to set rental rates or occupancy levels for residential units.  While not applicable to all sectors, it indicates a growing concern for personalized pricing.
• Tennessee SB 1807: Newly enacted and effective July 1, 2026, this new law makes using personalized algorithmic pricing to set the prices for a good or service for Tennessee consumers an unfair or deceptive act in violation of the Tennessee Consumer Protection Act.
• In other states various bills have been introduced, offering a wide range of proposals to regulate personalized pricing, including outright bans, disclosure mandates, and limits on biometric/sensitive data use.

What’s on the Horizon?

As the number of states with data privacy laws grows, we anticipate that more states will follow New York and Tennessee’s lead, not only with disclosure mandates but also with substantive restrictions on the types of data that can be used for pricing.  Enforcement concerns and potential liability for violations of new laws or anti-discrimination statutes will continue to increase.

Industries With the Most Risk

• Retail and eCommerce: Online retailers using personalized discounts or flash sales based on user profiles should review how they communicate price-setting logic to consumers. “Members-only” pricing without disclosures may quickly become a growing compliance and liability risk.
• Hospitality and Travel: Hotels and airlines, long accustomed to dynamic pricing, will likely now face new questions about how loyalty data and location information are factored into rates. Companies in these sectors offering different prices to guests based on their browsing history or mobile app activity must now consider both disclosure and fairness.
• Real Estate and Property Management: Landlords and property managers using revenue management software should be aware that even passive reliance on third-party pricing recommendations can attract antitrust scrutiny, especially if competitors are using the same platform.
• Ticketing and Live Events: Concert and sports ticket sellers experimenting with surge pricing or personalized offers may soon need to provide clear, real-time disclosures to consumers—and defend their practices against claims of unfairness or discrimination.

Strategic Considerations for Compliance

• Clarify data use: Ensure consumer data collection and application for pricing is justified and aligns with both consumer expectations and legal requirements. Consider whether location, loyalty, or behavioral data is necessary, or if less sensitive data could achieve similar goals.
• Transparency: Review whether consumer communications—whether in-app, online, or at point of sale—accurately reflect how prices are determined. In jurisdictions like New York, this is not just a best practice, but a legal requirement.
• Assess impact: Companies should assess the impact of their pricing models, particularly whether algorithms could inadvertently result in disparate outcomes for certain groups of consumers.
• Vendor and technology relationships: If your organization relies on external platforms or software for pricing, it is important to understand how these tools use and share data, and to ensure that contracts address compliance obligations and provide adequate oversight.
• Defensible narrative: Be prepared to explain your pricing logic and data flows to regulators or plaintiffs’ counsel. This includes having a defensible narrative for how your pricing strategy serves both business objectives and consumer interests.

Vorys will continue to monitor regulatory changes and enforcement in this space. If your business is exploring or already using data-driven pricing models, now is the time to ensure your practices are not just innovative, but also defensible.

_________________

^[1] Nat'l Retail Fed'n v. James, No. 25-cv-5500 (JSR) (S.D.N.Y. Oct. 8, 2025).