AB 2564 defines and forbids “surveillance pricing” — customized retail prices for goods that are based, in whole or in part, on personally identifiable information gathered via electronic surveillance technologies (sensors, cameras, device tracking, biometric monitoring, and similar methods). It covers data gathered directly by a retailer and data acquired from third parties.
The statute preserves narrowly drawn exceptions for cost-based price differences and bona fide, publicly disclosed discount programs, including broadly available group discounts and purchase-affirmative loyalty programs.
Enforcement is split: public prosecutors (Attorney General, district attorneys, large-city attorneys, and certain county/city prosecutors) may seek civil penalties (up to $12,500 per violation, with steeper penalties for intentional violations) and injunctive relief, while consumers may only seek injunctive relief and recovery of attorney’s fees and costs. The bill bars contractual waivers and declares its provisions cumulative with other state laws, linking the policy to the California Privacy Rights Act of 2020.
At a Glance
What It Does
AB 2564 prohibits retailers from offering or setting customized prices for a consumer or group when those prices are based on personally identifiable information collected through electronic surveillance technology, including data purchased from third parties. The statute enumerates exceptions for price differences purely tied to cost and for certain publicly disclosed or opt-in discount programs, and requires clear website disclosure for program eligibility and uniform availability for eligible consumers.
Who It Affects
Retailers as defined under California law (Revenue & Taxation Code §6015) are directly regulated, along with the platforms and vendors that supply or process surveillance-derived personal information (ad-tech/data brokers) and third-party analytics providers. Prosecutors at state and large-city levels gain the primary monetary enforcement role; consumers gain a narrow private right to seek injunctions and fees.
Why It Matters
This is one of the first state-level attempts to use consumer-protection law to restrict algorithmic, data-driven price personalization that relies on physical or digital surveillance. It forces businesses to change how they collect, purchase, and apply surveillance-derived personal data to pricing and introduces specific compliance obligations around public disclosure of discount eligibility.
More articles like this one.
A weekly email with all the latest developments on this topic.
What This Bill Actually Does
AB 2564 starts by setting definitions that matter to downstream compliance: it defines “electronic surveillance technology” broadly to include sensors, cameras, device tracking, and biometric monitoring in both physical and digital settings, and it ties “personally identifiable information” to the existing Civil Code definition of personal information under California law. The heart of the bill is the new prohibition: a retailer may not set or offer a customized price for a specific consumer or group when that pricing decision is based, in whole or in part, on personally identifiable information gathered through electronic surveillance methods — including data that the retailer obtains from third parties.
The statute carves out two main classes of exceptions. First, price differences that are solely explained by differences in the retailer’s costs to provide the item are permitted.
Second, the bill allows discounted prices so long as they meet strict disclosure and availability standards: the eligibility criteria, available discounts, and any conditions must be clearly and conspicuously posted on the company website, and the discount must be uniformly available to everyone who meets the disclosed criteria. The text explicitly contemplates common retail practices such as publicly offered group discounts (teachers, seniors, students), opt-in loyalty programs, and promotional sign-ups — but it excludes opaque online A/B price variants or individualized algorithmic markups tied to surveillance data.On enforcement, the bill gives public prosecutors primary authority to bring civil actions that can recover statutory penalties — up to $12,500 per violation, with higher penalties (including treble and disgorgement of revenues) where violations are intentional — and to obtain injunctions.
Individual consumers cannot recover civil penalties or statutory damages; instead, they may sue only for injunctive relief to stop ongoing violations and recover attorney’s fees and costs if they prevail. The bill also declares any contractual waiver of these rights void and states that its provisions are cumulative with other state laws, signaling that businesses could face parallel claims under anti-discrimination, consumer protection, or privacy statutes.Practical compliance will require retailers to map which pricing actions rely on surveillance-derived personal data, to audit data supply chains (including purchased datasets), and to document when a discount qualifies for the statutory exception.
Because the bill demands conspicuous web disclosure for discount programs, many businesses will need to update public-facing materials and internal processes to ensure discounts are uniformly applied. The statute does not lay out a regulatory rulemaking path or assign new rulemaking authority to an agency, but it references the policy goals of the California Privacy Rights Act, creating a legal cross-reference between pricing conduct and privacy enforcement priorities.
The Five Things You Need to Know
The bill defines “surveillance pricing” to include prices set using personally identifiable information obtained directly or purchased from third parties via sensors, cameras, device tracking, or biometric monitoring.
Retailers remain permitted to vary prices when the difference is based solely on costs of providing the good; cost-based variations are an explicit safe harbor.
Discount programs are allowed only if eligibility criteria, discounts, and conditions are clearly and conspicuously disclosed on the company’s website and the discounted price is uniformly available to all consumers who meet the criteria.
Only public prosecutors (Attorney General, district attorneys, large-city attorneys, qualifying county counsels, or specified city prosecutors) may seek civil penalties — up to $12,500 per violation and larger penalties (including treble and disgorgement) for intentional violations — while consumers may pursue injunctive relief and attorney’s fees.
Any contractual waiver of the statute’s protections is void; remedies under this law are cumulative and do not limit other state causes of action.
Section-by-Section Breakdown
Every bill we cover gets an analysis of its key sections.
Definitions — surveillance tech, PI, retailer, discounted price
This section supplies the working definitions that determine scope. It ties “personally identifiable information” to existing Civil Code definitions (bringing the bill into the wider California privacy framework) and broadly defines “electronic surveillance technology,” which captures both in-store sensors and digital tracking. Because the retailer definition defers to Revenue & Taxation Code §6015, the law applies to businesses that qualify as retailers for tax purposes, a narrower set than all sellers and service providers. The definition of “discounted price” requires it be verifiably lower than a publicly disclosed bona fide market price, a term that will require operational guidance from courts or agencies.
Prohibition and exceptions for surveillance-based pricing
Section 7202 implements the ban and sets two affirmative exceptions: one for pricing differences that are solely cost-driven and one for bona fide discounted-price programs. The discounted-price exception has three alternative routes: (i) discounts based on publicly disclosed eligibility criteria any consumer could meet (like signing up for a mailing list), (ii) broadly defined group discounts (teachers, seniors), and (iii) discounts through paid or affirmatively enrolled loyalty programs. It also requires visible website disclosure of current eligibility criteria, discounts, and conditions and mandates uniform availability to eligible consumers, creating a transparency and nondiscrimination test for promotional pricing.
Enforcement: who may sue and what penalties are available
This section channels monetary enforcement to public prosecutors — the Attorney General, district attorneys, large-city attorneys (population >750,000), certain county counsels, and select city prosecutors — who can seek civil penalties up to $12,500 per violation and enhanced penalties for intentional violations (treble and disgorgement). Courts may also issue injunctions and declaratory relief. Consumers are limited to bringing suits for injunctive relief (to stop unlawful pricing) and may recover reasonable attorney’s fees and costs if they prevail, but they cannot obtain statutory civil penalties under the private cause of action. This enforcement design focuses on public enforcement for monetary deterrence while leaving individual consumers with equitable tools.
No waiver of rights
Section 7208 declares any waiver of the bill’s protections void and unenforceable as contrary to public policy. Practically, that prevents retailers from using contracts, terms of service, or membership agreements to require customers to give up these protections — a common defensive posture in consumer contracting that the bill closes off.
Cumulative remedies and legislative findings
Section 7209 makes the bill’s remedies cumulative with other state laws (including employment discrimination and existing privacy statutes), which means a single pricing practice could trigger parallel claims. Section 2 contains a legislative finding that the law furthers the intent of the California Privacy Rights Act, signaling lawmakers’ intent to read the ban as consistent with broader state privacy policy, even though the bill itself does not create a new regulatory program or assign rulemaking authority.
This bill is one of many.
Codify tracks hundreds of bills on Privacy across all five countries.
Explore Privacy in Codify Search →Who Benefits and Who Bears the Cost
Every bill creates winners and losers. Here's who stands to gain and who bears the cost.
Who Benefits
- Consumers susceptible to individualized price hikes: People whose behavior or characteristics would otherwise trigger higher algorithmic prices gain statutory protection from price increases tied to surveillance-derived personal data.
- Groups that rely on public discount programs: Teachers, seniors, students, and other broadly defined groups retain access to uniform, publicly disclosed discounts without those offers being undermined by individualized surveillance upsells.
- Public prosecutors and consumer-protection offices: The Attorney General, district attorneys, and large-city attorneys receive a clear statutory tool to pursue monetary penalties and systemic injunctive remedies against abusive pricing practices.
Who Bears the Cost
- Retailers (including multichannel and digital sellers): Companies that use in-store sensors, mobile tracking, or third-party surveillance data to set dynamic prices will face compliance changes, documentation burdens, and potential civil exposure for historical pricing practices.
- Ad tech providers and data brokers: Firms that collect, aggregate, and sell surveillance-derived personal information will see a reduction in the commercial value of that data for pricing applications and increased legal risk as a supplier to noncompliant pricing systems.
- Compliance and legal teams: Businesses must invest in audits of pricing models and data supply chains, update website disclosures, and potentially redesign loyalty or targeted promotion mechanics to fit the statute’s uniform-availability and conspicuous-disclosure requirements.
Key Issues
The Core Tension
The central dilemma is balancing consumer protection against discriminatory or opaque surveillance-driven price personalization with the commercial interest in price experimentation, targeted discounts, and operationally legitimate segmentation: protecting consumers from predatory, profile-based markups may also restrict retailers’ ability to offer beneficial, tailored discounts or rapidly adjust prices in competitive markets, and the law trades that economic flexibility for stronger privacy-based price protections enforced primarily through public action.
The bill leaves several implementation and litigation questions open. First, the statute does not define how to prove that a price was “based” on surveillance-derived personal information; plaintiffs and prosecutors will need to show causal linkage between surveillance data and a pricing decision, a fact-intensive inquiry likely to hinge on internal model logs, vendor contracts, and metadata.
Second, the statutory safe harbors hinge on terms like “solely based on costs,” “verifiably lower” market prices, and “clearly and conspicuously” disclosed criteria — all standards that will invite disputes and require judicial or regulatory gloss to become operational.
A further operational tension concerns third-party data: the law expressly covers surveillance data “gathered, purchased, or otherwise acquired,” which means retailers that buy profiles or propensity scores from brokers must vet suppliers and purge uses that contribute to pricing decisions. The penalties are assessed per consumer or transaction, creating exposure that could compound quickly if prosecutors characterize automated pricing errors as repeated violations.
Finally, the statute does not assign rulemaking authority to the California Privacy Protection Agency or another body, so enforcement and interpretive norms will emerge through litigation and prosecutorial guidance rather than through a formal regulatory process, which lengthens uncertainty for businesses seeking compliance clarity.
Try it yourself.
Ask a question in plain English, or pick a topic below. Results in seconds.