Corporations harvest and monetize ever-growing amounts of our personal data, such as our browsing history and physical location. One bitter fruit of this poisonous tree is known as “surveillance pricing”: corporations offer the same product to two different people at two different prices, based on scrutiny of these people’s respective personal data.

Surveillance pricing is bad for privacy, equity, and price transparency. So EFF supports a California bill, S.B. 2564, which would ban this creepy practice.

How Surveillance Pricing Works

In 2025, the Federal Trade Commission (FTC) published a report about the practices of six companies that provide surveillance pricing services to hundreds of other companies, including grocery stores and apparel retailers. The report found that surveillance pricing draws upon customers’ browsing history, physical location, and shopping transaction history. Customers’ data can come from the vendor itself, from its surveillance pricing service provider, or from third-party data brokers. Customers are sorted into groups based on their personal data, as is done for targeted ads. As a result of surveillance pricing, a business might offer two customers different prices for the same product, based for example on whether they are a new parent, or whether they live near a business’s competitor.

As former FTC Chair Lina Khan explained:

Initial staff findings show that retailers frequently use people’s personal information to set targeted, tailored prices for goods and services – from a person’s location and demographics, down to their mouse movements on a webpage.

Unfortunately, the current FTC chair closed the FTC’s portal for public comments regarding surveillance pricing. Fortunately, the California Attorney General has initiated its own investigation of this practice.

Researchers have identified many examples of surveillance pricing:

• The Princeton Review offered people who lived in some zip codes a higher price for test prep services, compared to people in other zip codes. As a result, Asians were twice as likely as non-Asians to be offered a higher price.
• In a year-long study of tens of millions of rides in Chicago, Uber and Lyft offered a higher price for trips that ended in neighborhoods with high non-white populations.
• Tindr offered older people (aged 30 to 49) higher prices for Tindr Plus, compared to younger people (aged 18-29).
• Orbitz offered people who used Apple computers a higher price for hotel rooms, compared to people who used other types of computers.
• Hotel booking sites offered people from San Francisco a higher price for hotel rooms, compared to people from other cities.
• Target offered a higher price to people physically located at the store, compared to people located elsewhere.
• Staples offered a higher price to customers who lived further from the company’s competitors, compared to customers who lived closer.

Why EFF Hates Surveillance Pricing

This practice is harmful in many ways. First, surveillance pricing invades our privacy.  Vendors offer us a price only after scrutinizing our personal data about what we’ve clicked online and where we’ve travelled offline. Moreover, surveillance pricing incentivizes all businesses to harvest as much of our personal data as possible. Some businesses will use it for their own surveillance pricing. Other businesses, which might not themselves use it this way, will sell it to data brokers, which in turn will sell it to others for use in surveillance pricing.

Second, surveillance pricing can disparately burden people of color and other vulnerable groups. For example, as described above, surveillance pricing led to Asian people paying more for test prep services, older people paying more for dating services, and people living in non-white neighborhoods paying more for a ride home.

Third, surveillance pricing is opaque. Many people don’t even know when they’ve been subjected to it. Those that do often cannot determine the unknown reasons for the price they’re offered. As a result, consumer advocates will be less able to publish meaningful price comparisons to help consumers make choices. And regulators will be less able to identify unlawful pricing practices.

Thus, EFF and many other groups object to surveillance pricing.

Its defenders sometimes argue that surveillance pricing benefits consumers because it can lead to lower prices. But while some consumers some of the time might get lower prices because of surveillance of their personal data, other consumers will get higher prices, as shown by the examples above. Some recent studies indicate there will be losers and winners based on factors like whether a consumer is willing or able to switch products. Who loses or wins also will turn on the accuracy of the underlying data – yet surveillance pricing is often based on false information.

In any event, both losers and winners of this price discrimination are harmed by surveillance. Privacy is a human right, not a property to be bought and sold on a market. For this reason, EFF has long opposed pay-for-privacy schemes, in which a company charges a higher price to a customer who refuses to submit to processing of their personal data. Thus, even if surveillance pricing sometimes leads to lower prices (and again, it often will not), we oppose it as just another way that corporations try to make customers pay for their privacy.

What the California Bill Would Do

The key term of California’s S.B. 2564 is short and sweet: “a retailer shall not engage in surveillance pricing.”

The banned practice is defined as: “[i] a customized price for a good for a specific consumer or group of consumers, [ii] based, in whole or in part, on personally identifiable information collected through electronic surveillance,” including if that information is “acquired from a third party.” In other words, “surveillance pricing” is a customized price based on personal information.

The bill has two enforcement methods. First, state and local government may bring enforcement actions, and seek all manner of remedies including monetary penalties. Second, individual consumers may bring their own enforcements lawsuits, and seek the remedies of an injunction and attorney fees. We are pleased the bill provides this private right of action, which is the most important method of enforcement (we’d be even more pleased if the private remedies included liquidated damages).

The bill has three exemptions where surveillance pricing is allowed:

• First, for price differences “based solely on costs associated with providing the good to different consumers.”
• Second, for a discount offered to a consumer who is taking steps to terminate a service.
• Third, for a discount, conspicuously posted on a retailer’s website, that is uniformly available based on (1) criteria anyone can meet, such as signing up for a mailing list, (2) membership in a broadly defined group, such as seniors, or (3) participation in a loyalty program.

The bill’s author is California Assembly Member Chris Ward. Its co-sponsors are Consumer Reports and TechEquity. Its supporters include Consumer Federation, EPIC, Kapor Center Advocacy, Oakland Privacy, Privacy Rights Clearinghouse, labor unions, and other groups. The bill has advanced through the California Assembly and has arrived for consideration in the California Senate.

Why EFF Supports the California Bill

Surveillance pricing is just one part of a much larger problem: corporations maximizing their profits by invading our privacy. The all-too-common business model is to systematically harvest, collate, and store as much of our personal data as possible, and then monetize it through use and sale.

EFF’s general approach to this problem is a strong regulatory framework that we call “privacy first.” For example, laws should require businesses to “minimize” their data processing, meaning they must not collect, store, use, or disclose our data unless doing so is strictly necessary to give us what we asked for. Likewise, laws should require businesses to get our voluntary and informed opt-in consent before processing our data, buttressed by legal bans on coercive pay-for-privacy schemes and manipulative “dark patterns.”

A.B. 2564 is just a specific application of the minimization rule. Nobody who uses a web browser or a mobile app expects that, as a result, their clicks and footsteps will be funneled into personal dossiers, and later used by downstream businesses to offer a higher or lower price.

A.B. 2564 is also a specific application of the “no pay-for-privacy” rule. At its best, surveillance pricing is a corporate offer of a lower price in exchange for a consumer’s submission to surveillance of their personal data. This scheme encourages all people to surrender their privacy in exchange for a lower price. This is especially coercive for people with lower incomes, and thus carries the risk of creating a society of privacy “haves” and “have nots.” And swept into this supposed “bargain” is the potential for higher surveillance-based prices based on false information or erroneous inferences.

Surveillance pricing is very similar to online behavioral advertising, a business practice that EFF urges governments to ban. Both practices incentivize all businesses to collect as much of our personal data as possible, in order to later monetize it. Both practices lead some businesses to collate and store our data into dossiers about us for later use. Both practices use these surveillance-based dossiers to manipulate and limit our economic choices, by altering the advertisements and prices we see online. In the words of the FTC report discussed above: “Existing and common techniques used for targeted advertising can also be used for other forms of targeting prices.”

Absent a specific ban on surveillance pricing, as in A.B. 2564, it would be very difficult to protect the public from the many harms it causes. Corporate price-setting is increasingly opaque, making it difficult for consumers and regulators to determine whether a particular company set a particular price for a particular consumer based on their data, and if so, the particular data that it used. As a result, it would be very difficult in this context to enforce general laws requiring minimization or consent. Moreover, many such laws exempt how a business processes the data it directly collected from its own customers; for example, the California Consumer Privacy Act’s limits on “cross-context behavioral advertising” do not apply to how a business uses personal data it collected on its own website. Yet many practitioners of surveillance pricing (like Tindr) rely on such data.

Finally, there is little to no risk that A.B. 2564 will have unintended consequences that hurt internet users’ speech or technological innovation. The bill does not address any particular type of technology. It does not limit any collection, retention, or disclosure of personal data. It limits only one very narrow and easily defined use of data: use to set a customized price. And it has three broad exemptions.

In sum, EFF is proud to join with other groups in support of California’s A.B. 2564. You can read our support letter here.