惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
L
LINUX DO - 最新话题
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
Forbes - Security
Forbes - Security
博客园 - 司徒正美
Hugging Face - Blog
Hugging Face - Blog
W
WeLiveSecurity
Jina AI
Jina AI
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
N
News and Events Feed by Topic
V
V2EX
Stack Overflow Blog
Stack Overflow Blog
Engineering at Meta
Engineering at Meta
PCI Perspectives
PCI Perspectives
Martin Fowler
Martin Fowler
T
The Exploit Database - CXSecurity.com
F
Full Disclosure
WordPress大学
WordPress大学
S
Security Affairs
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
S
SegmentFault 最新的问题
P
Privacy International News Feed
IT之家
IT之家
M
MIT News - Artificial intelligence
G
GRAHAM CLULEY
Hacker News: Ask HN
Hacker News: Ask HN
D
DataBreaches.Net
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
Google Online Security Blog
Google Online Security Blog
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
C
Check Point Blog
美团技术团队
Security Latest
Security Latest
Cyberwarzone
Cyberwarzone
N
News and Events Feed by Topic
MyScale Blog
MyScale Blog
H
Help Net Security
宝玉的分享
宝玉的分享
The Hacker News
The Hacker News
The Last Watchdog
The Last Watchdog
The Cloudflare Blog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
爱范儿
爱范儿
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
I
Intezer
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
AI
AI
I
InfoQ
N
News | PayPal Newsroom
TaoSecurity Blog
TaoSecurity Blog

Privacy & Cybersecurity Law Blog

New Hampshire Amends the NHDPA to Prohibit the Sale of Children’s Personal Data Canada’s Proposed Social Media Ban for Children and Chatbot Regulation: Bill C-34’s Impact on Platforms European Commission Unveils Cybersecurity and AI Action Plan European Commission Refers Four Member States to CJEU Over NIS2 Transposition Delays EDPB Opens Public Consultation on New Personal Data Breach Notification Template European Commission Advances New Proposal to Expand Cloud Capacity and AI Infrastructure U.S. Supreme Court FTC Ruling Prompts Fresh Scrutiny of EU-U.S. Data Privacy Framework China Issues New Measures for Network Data Security Risk Assessment China Issues Regulations on Internet Content Multi-Channel Network Distribution Services China’s First Regulatory Framework for Virtual Companions Soon to Take Effect UK Data Protection Complaints Obligations Take Effect Vermont Enacts Significant Amendments to Data Broker Legislation Vermont Becomes 23rd State with Comprehensive Consumer Privacy Law Louisiana Enacts Comprehensive Consumer Privacy Law Connecticut Signs Comprehensive AI Bill into Law China CAC Issues Guidance on Conducting Audits Technology Companies Should Prepare for FTC Enforcement of Take It Down Act HHS Reorganizes Office for Civil Rights Oregon Prohibition on Public Body Disclosures to Data Brokers for Federal Immigration Purposes Now In Effect Connecticut Privacy Law Updates: Data Broker Rules, Geolocation Sale Ban, Surveillance Pricing Restrictions, and Genetic Data Regulations NYDFS Warns of Cybersecurity Risks from Frontier AI Models UK and Australia Announce Memorandum of Understanding on AI Security FTC Announces Settlements With Three Marketing Firms Over Allegations of Deceptive Statements About Active Listening AI-Powered Services Cybersecurity Authorities Issue Joint Guidance on the Adoption of Agentic AI Systems Colorado AI Act Amended and Effective Date Delayed European Commission Releases Draft Guidelines on High-Risk AI Under the EU AI Act Texas AG Announces Lawsuit Against Netflix for Alleged Misrepresentations Regarding User Data UK ICO Recommends Targeted Changes to PECR Rules for Online Advertising California AG Announces Record $12.75M Settlement with GM over CCPA Data Minimization and Purpose Limitation Violations Illinois Department of Human Rights Issues Regulations Governing the Use of AI in Employment Decisions Delta Dental Agrees to $2.25 Million Settlement with NYDFS Over MOVEit Data Breach Response UK ICO Publishes Guidance on Storage and Access Technologies CIPL Report Discusses Significant Alignment between GDPR and Global CBPR CalPrivacy Announces the Agenda for its April 30–May 1 Board Meeting CalPrivacy Requests Preliminary Comments on Notices & Disclosures, Employee Data COPPA Rule Amendment Compliance Deadline Approaches House Republicans Introduce Comprehensive Federal Privacy Bill: “SECURE Data Act” Kentucky Classifies Smart TV Data as Sensitive Alabama Becomes 21st State With Comprehensive Consumer Privacy Law CalPrivacy Director Expects CCPA Compliance Audits in 2026 Virginia Bans Sale of Geolocation Data HHS’ Office for Civil Rights Settles HIPAA Investigation of Health Care Software Company New Jersey Enacts New Restrictions on Health Care Facilities’ Use of Patient Data Washington State Enacts Law Regulating AI Companion Chatbots with Private Right of Action Guardrails for Legal AI: What California’s SB 574 Would Require of Attorneys and Arbitrators
Maryland Enacts First-of-its-Kind Ban on Surveillance Pricing for Grocery Sales
2026-05-06 · via Privacy & Cybersecurity Law Blog

On April 28, 2026, Maryland Governor Wes Moore signed into law House Bill 895, the Protection From Predatory Pricing Act (the “Act”), which regulates certain personalized pricing practices used by grocery stores and grocery delivery services. Notably, the Act places substantive limits on how covered businesses may use consumers’ personal data in setting food prices and on certain uses of personal data of members of legally protected classes.

The Act takes effect on October 1, 2026.

Scope of the Act

The Act applies to “food retailers” and “third-party delivery service providers.” A “food retailer” is defined as a merchant operating a business establishment with at least 15,000 square feet that sells food exempt from Maryland sales and use tax under Tax-General § 11-206(c) (i.e., grocery stores). A “third-party delivery service provider” refers to a business that, as a service to consumers, arranges for the delivery of food that qualifies for exemption from sales and use tax under the same provision.

Prohibition on Dynamic Pricing

The Act prohibits food retailers and third-party delivery service providers from using dynamic pricing to set the price of groceries, or to set a higher price for groceries for specific consumers. “Dynamic pricing” means “offering or setting a personalized price for a good or service that is specific to a consumer based on the consumer’s personal data, regardless of whether the seller collected or purchased the personal data.” (The Act incorporates the Maryland Online Data Privacy Act’s definition of “personal data,” meaning information linked or reasonably linkable to an identified or identifiable consumer.)

The Act separately prohibits using the personal data of members of legally protected classes to offer, advertise, or sell consumer goods or services where such use results in a consumer being denied or withheld an accommodation, advantage, or privilege provided to others.

Key Exceptions

The Act’s prohibitions on dynamic pricing do not apply to promotional pricing offers, loyalty or rewards program benefits, subscription-based contracts, or other temporary discounts or pricing changes related to the retention of existing customers. The Act’s dynamic pricing restrictions also do not apply to price differences based on objective criteria, such as costs attributable to (i) serving different consumers (e.g., shipping costs or taxes based on a consumer’s physical location); (ii) costs or differences in supply or demand associated with providing a good or service in different locations; (iii) costs associated with the availability or supply of a good or service; and (iv) corrections resulting from pricing errors.

Additionally, the Act permits food retailers and third-party delivery service providers to offer prices to consumers who consent to provide their personal data or other information in exchange for obtaining the relevant price.

Enforcement

The Maryland Attorney General is responsible for enforcing the Act. The Act provides a guaranteed 45-day cure period with no sunset. The Act does not provide for a private right of action. Violators who fail to cure within the 45-day period may be subject to civil penalties of up to $10,000 per violation or, up to $25,000 per violation for repeat offenders.

State Trends

Other states, such as California (AB-2564), Colorado (HB26-1210), Illinois (SB-2255), New Jersey (SB-3612) and New York (SB-S8623), are considering introducing surveillance pricing bans similar to Maryland's.

In addition to surveillance pricing bans, restrictions on algorithmic pricing are increasing throughout the U.S. For example, New York recently enacted a law that imposes new disclosure requirements on the use of AI for algorithmic pricing.

Takeaways

The Act is the first state law to directly prohibit certain personalized pricing practices, rather than simply requiring disclosures requiring the use of such pricing. The law’s breadth, along with its many exceptions, means that businesses will need to carefully assess whether existing pricing practices are subject to the Act’s restrictions and requirements.