SF 2278 prohibits the use of personalized algorithmic pricing and surveillance-derived pricing at defined food retail establishments in Iowa. The bill bars electronic shelf displays from showing individualized prices, requires nondigital price presentations in-store, restricts collection and use of minors’ data, and limits pricing based on protected-class information when it produces denials or different prices.
The measure matters because it translates growing concerns about retail surveillance and individualized pricing into concrete obligations for large grocers and chains. Compliance will require retailers to audit in-store pricing systems, change shelf-label technology, and rethink data collection and model inputs; regulators and private litigants gain new enforcement tools and a per-violation penalty structure.
At a Glance
What It Does
The bill bans personalized algorithmic and surveillance-based pricing at qualifying food retail establishments, prohibits using electronic shelving labels to present such pricing, and requires nondigital price displays. It also restricts collecting or using minors’ data and using protected-class data in ways that withhold accommodations or produce different prices.
Who It Affects
Large grocery-format retailers (as statutorily defined), vendors and integrators of electronic shelving label systems, analytics vendors supplying algorithmic pricing or surveillance inputs, and compliance/legal teams tasked with pricing, privacy, and point-of-sale operations.
Why It Matters
This is a narrowly tailored state-level intervention into how retailers may use consumer data and automate pricing decisions, with implications for retail technology vendors and the future use of sensors, cameras, and behavioral data in brick-and-mortar stores.
More articles like this one.
A weekly email with all the latest developments on this topic.
What This Bill Actually Does
SF 2278 sets out a short, function-first framework. It defines core terms—algorithm, consumer data, surveillance pricing, electronic shelving labels (ESLs)—and then creates prohibitions around how those tools and data may influence in-store prices at qualifying food retailers.
The bill does not attempt to regulate online pricing directly; instead its controls focus on in-store displays and data gathered through physical surveillance technologies.
Operationally, the law separates permissible retail pricing activity from prohibited algorithmic personalization: it preserves traditional promotional pricing, loyalty discounts, and other customer-retention offers while forbidding prices that vary among customers because an algorithm used consumer-identifying inputs. Retailers will need to map which systems and data feeds feed pricing rules and whether any in-store display technology can produce individualized outputs.The statute also limits data collection and usage: it bars collecting or using data belonging to minors under 17 for targeted advertising or personalized pricing and places a carve on use of protected-class attributes when they result in denied accommodations or differential pricing.
Financial services and licensed insurers are explicitly excluded from the chapter’s reach, narrowing the bill’s coverage to retail goods sales in physical stores.Enforcement is concentrated with the Iowa Attorney General, who may sue for violations and seek injunctive relief; the bill also preserves a private right of action for aggrieved persons. Courts may impose civil penalties and are instructed to interpret the chapter liberally to maximize its lawful effect.
The statute mixes prescriptive obligations for retailers with broad prohibitions on certain data-driven pricing techniques, leaving open a range of implementation and evidentiary questions for regulators and judges.
The Five Things You Need to Know
Required disclosure: if a retailer uses consumer-specific algorithmic pricing in an advertised price, the establishment must display the exact notice: THIS PRICE WAS SET BY AN ALGORITHM USING YOUR PERSONAL DATA.
Electronic shelving labels and any digital shelf display technology cannot be used to present personalized algorithmic or surveillance pricing; stores must instead use nondigital price presentations (signs, stickers, labels, tags).
The bill targets 'food retail establishments' that either exceed 15,000 square feet and primarily sell household foodstuffs or exceed 85,000 square feet with at least 10% of sales floor dedicated to nontaxable food merchandise.
The statute bars collecting data belonging to minors under 17 and forbids using such data for targeted advertising or personalized algorithmic pricing.
Enforcement: the attorney general may seek an injunction after serving notice and courts may impose civil penalties up to $7,500 per violation; penalties collected go to the state general fund and individuals may bring private suits.
Section-by-Section Breakdown
Every bill we cover gets an analysis of its key sections.
Key technical and scope definitions
Section 1 supplies the operative language that determines coverage and enforcement. Important definitional choices include an expansive definition of "algorithm" (covering AI and facial recognition), a narrow exclusion of location data from "consumer data," and a workable definition of "surveillance pricing" tied to electronic surveillance technologies (sensors, cameras, device tracking, biometrics). Those textual choices will shape disputes over what inputs count as covered data, whether a pricing model retraining cadence qualifies as "dynamic and surveillance pricing," and whether hybrid systems escape the statute by relying on non-covered inputs.
Mandatory disclosure when consumer-specific algorithms set displayed prices
This subsection requires notice to customers whenever a retailer knowingly advertises or displays a price derived from algorithmic personalization using consumer-specific data. The obligation is to give a "clear and conspicuous" disclosure in the same medium and proximate to the price display. Practically, retailers will have to establish process controls to detect when an algorithmic rule produced a displayed price and ensure point-of-display signage or prints meet the bill's conspicuousness standard.
Ban on ESLs for personalized pricing; mandatory nondigital price presentation
The bill bars use of electronic shelving labels (and any digital shelf display technology) when they would present personalized algorithmic or surveillance pricing; it then requires nondigital presentations such as paper signs, stickers, or labels. The statute includes detailed guidance for nondigital unit-price displays (what information must appear and where signs should be located), which creates specific merchandising and operational requirements for stores that currently rely on ESLs or dynamic digital pricing to manage item-level prices.
Limits on minors' data and use of protected-class information
The bill flatly prohibits collecting data belonging to persons under 17 for targeted advertising or personalized pricing. Separately it forbids using protected-class data in pricing if that use results in withholding accommodations or produces price differences against other individuals or groups. That two-part protected-class test raises evidentiary questions—retailers must be able to show how model inputs are used and that outputs do not operate in discriminatory ways.
Financial services and insurers carved out
The statute excludes financial-services providers and licensed insurers from these restrictions. Those carve-outs limit the bill’s reach to typical retail goods and lessen potential conflicts with federal financial regulations, but they also require firms with mixed operations to map which business lines fall inside or outside the chapter when they use shared pricing platforms or customer data.
Attorney general enforcement, injunctions, private suits, and civil fines
Section 3 grants the attorney general authority to sue and seek injunctions (with a statutory five-calendar-day notice hook for injunction petitions) and preserves a private right of action for aggrieved persons. Courts may impose civil penalties (up to $7,500 per violation) with proceeds directed to the general fund. The provision also allows courts to enjoin conduct without requiring proof of individual injury, which lowers the evidentiary threshold for remedial relief but can increase litigation risk for retailers.
Construction clause favoring effectiveness
A short interpretive clause directs courts to construe the chapter liberally to preserve its maximum lawful effect. That instruction signals legislative intent to give broad remedial scope where possible, and it will influence judicial approaches to ambiguous phrases like "dynamic and surveillance pricing" or what constitutes a "clear and conspicuous" disclosure.
This bill is one of many.
Codify tracks hundreds of bills on Privacy across all five countries.
Explore Privacy in Codify Search →Who Benefits and Who Bears the Cost
Every bill creates winners and losers. Here's who stands to gain and who bears the cost.
Who Benefits
- In-store consumers wary of individualized pricing: they gain protection from opaque, algorithm-driven price differences and clearer in-aisle disclosure when personalization occurs.
- Privacy advocates and families: the explicit cutoff for minors under 17 creates a concrete protection against profiling and targeted offers tied to children’s in-store behavior.
- Competing retailers that do not use individualized pricing: chains that rely on uniform pricing and nondigital shelf displays avoid competitive pressure from algorithm-enabled rivals and gain a more level playing field.
Who Bears the Cost
- Large grocery retailers and chains (15,000+ sq ft or the 85,000/10% configuration): they must disable or redesign ESL deployments, modify pricing systems, and potentially replace hardware and workflows.
- ESL and retail-tech vendors: firms selling digital shelf-labeling systems, real-time pricing platforms, or in-store surveillance analytics face reduced demand in covered stores and will need product redesigns to comply.
- Compliance/legal teams and courts: businesses will incur compliance program, auditing, and potential litigation costs; the attorney general’s office and state courts may see heavier caseloads enforcing vague or disputed compliance obligations.
Key Issues
The Core Tension
The bill pits consumer privacy and anti-discrimination protections—preventing opaque, surveillance-driven individualized pricing—against retailers’ ability to use data and automated tools to manage prices, react to supply conditions, and offer targeted promotions; protecting one set of interests reduces operational flexibility and raises compliance and litigation costs for businesses, with no single mechanism in the bill to balance those competing objectives.
The bill stitches bright-line bans and detailed sign rules into a broader, intentionally expansive framework—but that combination creates practical and legal tensions. The statute excludes location data from the definition of consumer data while otherwise covering a wide array of surveillance inputs; that carve-out may permit some sensor-driven pricing methods to persist and will invite litigation over whether particular inputs (e.g., device identifiers or MAC-address-derived signals) qualify as location data or "consumer data." Similarly, prohibiting ESLs for personalized pricing is technology-specific: it addresses one vector of individualized pricing but leaves open whether other in-store digital surfaces or mobile apps can reproduce the same effect.
Enforcement and remedies present another tension. The attorney general can seek injunctions without proof of individual injury and the law preserves private suits, but the per-violation cap ($7,500) invites disputes about what counts as a single violation (per item, per day, per store, per incident).
The statute’s liberal-construction clause signals aggressive judicial interpretation, yet vagueness around terms like "knowingly," "clear and conspicuous," and the mechanics of algorithmic retraining may shift burdens to courts to craft workable standards. Finally, the bill protects against discriminatory outputs but does not establish a technical compliance regimen (audits, model documentation, third-party testing), leaving businesses to decide how to demonstrate compliance and exposing them to litigation risk absent regulatory guidance.
Try it yourself.
Ask a question in plain English, or pick a topic below. Results in seconds.