AB 446 defines and forbids "surveillance pricing" at grocery establishments in California — that is, offering or setting customized price increases for a consumer or group based, in whole or in part, on personally identifiable information gathered through cameras, sensors, device tracking, biometrics, or similar electronic surveillance.
The bill builds a package of carve-outs and operational rules (cost-based pricing, broadly disclosed discounts, consumer‑purchased loyalty programs, and explicit consumer-provided information), limits downstream uses of personally identifiable information collected for discounts, and creates enforcement tools including civil penalties and injunctive relief enforced by state and local prosecutors; consumers may bring only injunctive suits. The statute targets modern retail surveillance practices and limits how third‑party augmentation of discount data may be used for individualized pricing decisions.
At a Glance
What It Does
AB 446 prohibits grocery establishments from increasing prices for specific consumers or groups using personally identifiable information collected via electronic surveillance. It lists narrow exceptions (cost-based differences, public eligibility discounts, broadly defined group discounts, purchased loyalty programs, explicit consumer-provided info, and certain insurer activities) and bars augmenting consumer-provided data with third‑party data for price-setting.
Who It Affects
The rule applies to "person grocery establishments" — natural persons and entities operating grocery establishments as defined in California labor law — plus the technology vendors, data brokers, and advertisers that supply or process surveillance-derived data for retailers. Insurers receive a limited carve-out tied to existing insurance law.
Why It Matters
This is one of the first state-level laws to target individualized price increases that rely on surveillance technologies rather than traditional credit or market factors. It limits retailers' ability to use in-store and device-derived data for dynamic pricing and constrains how loyalty and promotional data can be combined with external datasets.
More articles like this one.
A weekly email with all the latest developments on this topic.
What This Bill Actually Does
AB 446 starts by defining key terms: "person" (natural person or entity), "grocery establishment" (as already defined in California labor law), "personally identifiable information" (aligned with Civil Code definitions), and "surveillance pricing" (price increases for a specific consumer or group based on PII collected through electronic surveillance technology such as cameras, sensors, device tracking, or biometrics).
The core prohibition makes it unlawful for a grocery establishment to engage in surveillance pricing. The bill then lists a set of explicit exceptions — where price differences are allowed — including differences based solely on the seller's cost to serve a customer; discounts tied to publicly disclosed eligibility (e.g., signing up for a mailing list); discounts for broadly defined groups (teachers, seniors, military, residents of an area); discounts provided through loyalty or membership programs that consumers knowingly purchase or enroll in; and discounts given after a consumer knowingly provides PII for the discount when the disclosure is clearly and prominently stated.To prevent circumvention, AB 446 requires that any discount offered under the enumerated exceptions be clearly and conspicuously disclosed before the collection of PII and uniformly available to everyone who meets the posted eligibility criteria.
It also forbids augmenting PII collected for discount purposes with additional PII obtained from third parties and limits the permitted uses of PII collected under those exceptions solely to offering or administering the discount or program — expressly barring profiling, targeted advertising, or individualized price-setting using that data.On enforcement, the bill gives the Attorney General and certain local prosecutors authority to bring civil actions and recover monetary penalties (up to specified amounts per consumer violation, with steeper penalties if the violation is intentional). Consumers are limited to seeking injunctive relief to stop violations and may recover attorneys' fees if they prevail.
The statute includes a carve-out for pricing decisions based on consumer and commercial credit reports under federal and state credit reporting laws and clarifies that insurance pricing remains subject to the Insurance Code and Proposition 103 constraints.
The Five Things You Need to Know
The bill defines "surveillance pricing" as individualized price increases based on personally identifiable information collected via electronic surveillance such as cameras, sensors, device tracking, or biometrics.
It prohibits surveillance pricing by "person grocery establishments," but permits price differences that are cost-based, publicly disclosed discounts, broadly defined group discounts, purchased loyalty programs, or discounts after a consumer knowingly provides PII with clear disclosure.
Discount programs relying on consumer-provided PII must disclose eligibility, available discounts, and conditions before any PII is collected, and offers must be uniformly available to all who meet the criteria.
Companies may not augment PII given for discounts with third‑party PII, and any PII collected for discounts may be used only to administer that discount or program—not for profiling, targeted advertising, or individualized price setting.
Enforcement: the Attorney General and specified local prosecutors can seek civil penalties (up to $12,500 per violation; intentional violations may trigger up to triple that penalty plus revenues), while consumers may bring only injunctive actions; prevailing plaintiffs recover attorney’s fees.
Section-by-Section Breakdown
Every bill we cover gets an analysis of its key sections.
Definitions (person, grocery establishment, PII, surveillance pricing)
This section sets the statutory vocabulary. It adopts a broad definition of "person" to include entities, reuses the existing California Labor Code definition for "grocery establishment," and imports the Civil Code definition of personal information. Critically, it defines "surveillance pricing" to cover price increases tied to PII gathered by electronic surveillance tools (cameras, sensors, device tracking, biometric monitoring, etc.), explicitly capturing both physical and digital observation methods. The breadth of these definitions determines the statute's reach and the kinds of retail data collection that fall within the ban.
Prohibition on surveillance pricing and enumerated exceptions
Subsection (a) states the core prohibition: grocery establishments may not engage in surveillance pricing. Subsection (b) then lists six precise exceptions — cost-based price differences, publicly disclosed eligibility discounts, broadly defined group discounts (e.g., teachers, seniors), discounts through purchased loyalty programs, discounts after explicit consumer-provided PII with clear disclosure, and insurance-related pricing by regulated insurers. These exceptions are narrow and operational: they allow common retail discounting models while attempting to prevent surreptitious individualized price hikes based on covertly captured surveillance data.
Credit-report carveouts, disclosure, uniformity, and data-use limits
Subsection (c) excludes pricing actions based on consumer or commercial credit reports from being treated as surveillance pricing, preserving the operation of credit-based underwriting and pricing. Subsections (d) and (e) set operational controls on allowed discounts: merchants must disclose eligibility criteria, discounts, and conditions before collecting any PII; offers must be uniformly available to everyone who meets the posted criteria; PII collected for discounts must not be augmented with third-party data; and that PII may be used only to administer the discount or program—not for profiling, targeted advertising, or further individualized price setting. These provisions create compliance checkpoints intended to prevent circumvention through data blending or post-hoc personalization.
Enforcement, remedies, and penalties
This enforcement section assigns primary civil enforcement authority to the Attorney General and enumerated local prosecutors (district attorneys, city attorneys for large cities, county counsels in counties with large cities, and certain city prosecutors). It authorizes civil penalties up to $12,500 per violation, treats each consumer or transaction as a separate violation, and allows harsher remedies for intentional violations (up to triple the base penalty plus revenues earned from the violation). Courts may also issue injunctions or declaratory relief, and prevailing plaintiffs recover reasonable attorney’s fees and costs. Consumers may only seek injunctive relief themselves (with fees for prevailing plaintiffs), limiting private monetary recovery.
This bill is one of many.
Codify tracks hundreds of bills on Privacy across all five countries.
Explore Privacy in Codify Search →Who Benefits and Who Bears the Cost
Every bill creates winners and losers. Here's who stands to gain and who bears the cost.
Who Benefits
- Grocery shoppers concerned about privacy — the ban reduces the risk they will face secret, individualized price increases driven by in-store cameras, device tracking, or biometric monitoring.
- Consumers with limited bargaining power — explicitly uniform discounts and prior-disclosure requirements make promotional pricing more transparent and accessible to eligible groups.
- Privacy advocates and civil-rights organizations — the law constrains a growing class of surveillance practices in retail environments and limits the downstream use of PII for profiling or targeted price increases.
- Competitor retailers that do not rely on surveillance data — the prohibition levels the playing field by limiting advantages gained through covert data collection and third‑party augmentation.
Who Bears the Cost
- Grocery establishments that use surveillance technology for personalization — they must halt individualized price increases tied to surveillance PII or reengineer pricing systems to comply, incurring compliance and technology costs.
- Data brokers and third‑party analytics vendors — the ban on augmenting consumer-provided PII and restrictions on downstream use reduce demand for combining surveillance data with third-party profiles.
- Marketing and ad-tech firms that convert in-store signals into personalized offers — they face loss of marketable use cases and potential contract renegotiations with retailers.
- Small and mid-size grocers operating loyalty programs — these businesses must ensure clear pre‑collection disclosures and uniform availability, which may require legal review, changes to enrollment flows, and auditing capabilities.
- Enforcement agencies (AG and local prosecutors) — the state and local offices take on investigatory and litigation burdens to police violations, potentially requiring new resources to identify and prove surveillance-driven pricing schemes.
Key Issues
The Core Tension
The statute balances two legitimate objectives — protecting consumers from opaque, surveillance-driven price discrimination and preserving retailers’ ability to offer transparent discounts, cost-based pricing, and consumer‑requested loyalty benefits — but it does so by drawing bright lines around the use and augmentation of surveillance data, creating tough implementation and enforcement choices about what counts as legitimate personalization versus prohibited surveillance pricing.
AB 446 raises several practical and legal implementation questions. First, the statute hinges on proving the causal link between surveillance-derived PII and a price increase — litigators and regulators will need to develop evidentiary playbooks to trace algorithms, variable pricing logs, vendor contracts, and data flows.
Retailers frequently rely on complex multi-party systems (POS, ad platforms, loyalty vendors, analytics providers), so untangling those relationships to show forbidden use of surveillance PII may be time- and resource-intensive.
Second, the consumer-consent and disclosure carve-outs rely on subjective standards — "clear and conspicuous" disclosure and whether a consumer "knowingly" provided PII. Those standards will generate compliance uncertainty and litigation over presentation, timing, and substance of disclosures.
The ban on augmenting PII with third-party data is sensible in theory but hard to operationalize: vendors maintain stitched identity graphs, and compliance will require firms to demonstrate data provenance, build separation controls, and provide audit trails. Finally, the enforcement design creates an asymmetry: prosecutors can obtain monetary penalties while consumers can only seek injunctive relief, which concentrates monetary enforcement in public offices and may leave many individual harms without direct monetary remedy.
Try it yourself.
Ask a question in plain English, or pick a topic below. Results in seconds.