Maryland enacts a first-of-its-kind surveillance pricing law, but there are loopholes

On 28 April 2026, Gov. Wes Moore, D-Md., signed into law HB 895, or Maryland's Protection From Predatory Pricing Act, the country's first law to ban surveillance pricing at groceries stores. Shortly after the law was enacted, Consumer Reports issued a news release explaining why this landmark legislation may fail to deliver on its promises.

The conflict between groundbreaking legislation and its practical constraints is the key to the story. Legal and compliance departments in food retail must know exactly what the law requires.

What does surveillance pricing mean?

Surveillance pricing is the setting of individualized prices for the same product at the same time based on personal data. For example, a customer may enter a grocery store, pick up a loaf of bread and the price displayed could be individualized based on their shopping history, location data, search history or other online interactions. 

According to a recent Consumer Reports investigation, Instacart's algorithm pricing experiments were able to set prices up to 23% higher for some products and as a result, the price variations could swing USD1,200 per year. Although the specific program was canceled afterward, Instacart informed Consumer Reports that it would allow retail partners to conduct pricing tests on its platform. 

The infrastructure for surveillance prices is being developed very fast. In 2024, Walmart announced it would deploy digital shelf label technology in all U.S. stores and that it would be in 2,300 stores by the end of 2026. Also, in 2024, the U.S. Federal Trade Commission opened a formal investigation into surveillance pricing. According to its preliminary findings, consumers' personal information, e.g., precise location or browsing history, is regularly used to target consumers with different prices for the same goods.

What HB 895 provides

HB 895 has two sections that operate independently of each other.

Food retailers and third-party delivery services prohibition

Section 13-321 is the main section banning surveillance pricing. The prohibition applies to food retailers with at least 15,000 square feet of food-selling space and third-party delivery service providers. They cannot engage in two practices: dynamic pricing, meaning setting a personalized price for a specific consumer for goods based on their personal data. They also cannot use personal data to charge one consumer higher prices than another.

Additionally, this section prohibits the use of protected class data by food retailers and third-party service providers in their offer or advertisements when such use results in the failure to provide advantages given to others. This provision codifies disparate impact rule stating that discrimination may happen via a system that uses personal data as a proxy for race, religion, nationality, etc.

Mechanics of enforcement

Violations of Section 13-321 of the law are considered unfair, abusive or deceptive practices under Maryland Consumer Protection Act. As a result, retailers are subject to sanctions under that act. Before taking action, the Maryland Attorney General's Consumer Protection Division must notify the retailer about the violation and give them 45 days to cure. If the retailer complies with the demand, no case will be brought against it. Penalties under Maryland Consumer Protection Act may reach up to USD10,000 per violation, or up to USD25,000 per violation for repeat offenses.

Four loopholes 

The legislation leaves four potential paths for businesses to bypass the surveillance pricing ban and keep earning extra money from consumers.

No baseline price

Both prohibitions require proving the consumer paid a higher price than they otherwise would have paid. However, the bill does not define a baseline price for comparison. Any price charged will be interpreted as a discount from the implied price, even if the retailer sets a nominal regular price and offers personalized discounts. This means consumers who do not receive a discount may have to pay a higher price for the same product.

The segment gap

Both prohibitions contained in §13-321 apply only to prices set for one consumer. Dynamic pricing prohibition refers to "a specific consumer." Personal data use prohibition refers to "a single consumer." At first, the enrolled version of the law contained language allowing banning of the use of personal data to set prices for "a specific consumer or a group of consumers," was intentionally removed from the final bill.

Loyalty programs carve-out

The bill explicitly provides that any discounts given by food retailers to consumers participating in loyalty, membership, or rewards programs and subscription pricing are not covered by this prohibition. Loyalty programs are the primary way to collect granular data. Thus, removing loyalty programs from the ban list means removing the biggest chunk of surveillance activity.

Limited enforcement mechanisms 

This is perhaps the most significant loophole. It is also the only one that might affect plaintiffs' decisions. There is no private right of action regarding surveillance pricing ban provided in §13-321. No citizen of Maryland may sue the violator for any compensation or injunctive relief because of a violation of this prohibition. 

Moreover, §13-408 was amended to exclude this section from the private right of action provided for the Maryland Consumer Protection Act. Only the Division of Consumer Protection will be able to take action 45 days after sending notice of violation. In its news release, Consumer Reports said it appreciated that Governor Moore prioritized the issue but criticized "weak enforcement provisions."

What retailers need to do before 1 Oct. 

HB 895 will become enforceable on 1 Oct. 2026, and covered retailers will need to take compliance action before then. 

First, it is important for a retailer to see which data signals enter their pricing system and constitute personal data, i.e., are linked or may be reasonably linked to the consumer.

Second, retailers will need to look at loyalty programs. Exemption exists, but only if all consumers are able to participate in it voluntarily. Make sure this is the case and document your loyalty program meeting this criterion. If loyalty prices are higher than shelf prices for the same product, the structure must be reviewed.

Finally, retailers should monitor other states' legislative initiatives, particularly, California and Illinois, which could pass stricter versions of the law by the end of 2026 and without the loopholes. For nationwide retailers, the strategy must be geared toward the strictest standard rather than the weakest one.

What comes next

The first law regulating a new practice is imperfect. This one establishes surveillance pricing as a concept, provides an enforcement mechanism, serves as a prototype for other states to improve it further. However, it leaves key issues unresolved and does not significantly curtail the practice. The key question is how other states address those unresolved issues before passing their laws.