Privacy & Cybersecurity Law Blog

On April 28, 2026, Maryland Governor Wes Moore signed into law House Bill 895, the Protection From Predatory Pricing Act (the “Act”), which regulates certain personalized pricing practices used by grocery stores and grocery delivery services. Notably, the Act places substantive limits on how covered businesses may use consumers’ personal data in setting food prices and on certain uses of personal data of members of legally protected classes.

The Act takes effect on October 1, 2026.

Scope of the Act

The Act applies to “food retailers” and “third-party delivery service providers.” A “food retailer” is defined as a merchant operating a business establishment with at least 15,000 square feet that sells food exempt from Maryland sales and use tax under Tax-General § 11-206(c) (i.e., grocery stores). A “third-party delivery service provider” refers to a business that, as a service to consumers, arranges for the delivery of food that qualifies for exemption from sales and use tax under the same provision.

Prohibition on Dynamic Pricing

The Act prohibits food retailers and third-party delivery service providers from using dynamic pricing to set the price of groceries, or to set a higher price for groceries for specific consumers. “Dynamic pricing” means “offering or setting a personalized price for a good or service that is specific to a consumer based on the consumer’s personal data, regardless of whether the seller collected or purchased the personal data.” (The Act incorporates the Maryland Online Data Privacy Act’s definition of “personal data,” meaning information linked or reasonably linkable to an identified or identifiable consumer.)

The Act separately prohibits using the personal data of members of legally protected classes to offer, advertise, or sell consumer goods or services where such use results in a consumer being denied or withheld an accommodation, advantage, or privilege provided to others.

Key Exceptions

The Act’s prohibitions on dynamic pricing do not apply to promotional pricing offers, loyalty or rewards program benefits, subscription-based contracts, or other temporary discounts or pricing changes related to the retention of existing customers. The Act’s dynamic pricing restrictions also do not apply to price differences based on objective criteria, such as costs attributable to (i) serving different consumers (e.g., shipping costs or taxes based on a consumer’s physical location); (ii) costs or differences in supply or demand associated with providing a good or service in different locations; (iii) costs associated with the availability or supply of a good or service; and (iv) corrections resulting from pricing errors.

Additionally, the Act permits food retailers and third-party delivery service providers to offer prices to consumers who consent to provide their personal data or other information in exchange for obtaining the relevant price.

Enforcement

The Maryland Attorney General is responsible for enforcing the Act. The Act provides a guaranteed 45-day cure period with no sunset. The Act does not provide for a private right of action. Violators who fail to cure within the 45-day period may be subject to civil penalties of up to $10,000 per violation or, up to $25,000 per violation for repeat offenders.

State Trends

Other states, such as California (AB-2564), Colorado (HB26-1210), Illinois (SB-2255), New Jersey (SB-3612) and New York (SB-S8623), are considering introducing surveillance pricing bans similar to Maryland's.

In addition to surveillance pricing bans, restrictions on algorithmic pricing are increasing throughout the U.S. For example, New York recently enacted a law that imposes new disclosure requirements on the use of AI for algorithmic pricing.

Takeaways

The Act is the first state law to directly prohibit certain personalized pricing practices, rather than simply requiring disclosures requiring the use of such pricing. The law’s breadth, along with its many exceptions, means that businesses will need to carefully assess whether existing pricing practices are subject to the Act’s restrictions and requirements.