Surveillance Pricing Bans Are Coming for Your Store

Connecticut just became the second state to ban retailers from using your customers’ personal data to set their prices. On the same day, New York’s legislature passed its own version and put it on the governor’s desk. Two days earlier, Colorado’s governor vetoed a broader bill. Maryland got there first back in April. Four states, four different outcomes, all in about eight weeks. If you run a Shopify store and you have ever installed a “smart pricing,” geo-pricing, or personalized-discount app, this is now your problem to track.

Disclosure: This post contains affiliate links. If you buy through them, I may earn a commission at no extra cost to you. I only recommend tools and services I trust to help you build a profitable ecommerce business. My goal is to create helpful content to assist you in making an informed decision. By signing up through my affiliate link, you'll be getting the best deal available and you'll be supporting my work to create valuable content for entrepreneurs everywhere. Thank you for your support. If you have any questions or want to contribute to my blog, please feel free to email me at trevor@ecommerceparadise.com — Trevor Fenner, Owner of Ecommerce Paradise

I want to be clear about who this hits, because the headlines make it sound like a grocery-store story. It is not just a grocery-store story. Any online seller that adjusts a shopper’s price based on data tied to that specific person is in scope, and a lot of dropshipping stores do exactly that without thinking of it as “surveillance pricing.” I run Ecommerce Paradise and I have spent 15 years building and managing high-ticket stores, so I’ll break down what these laws actually say, who they touch, and the three or four things worth doing this week so you are not the test case.


What Happened

On Thursday, Connecticut Gov. Ned Lamont signed a bill that prohibits retailers from using personally identifiable data to customize prices for individual shoppers, according to Retail Dive. That makes Connecticut the second state in the country to put this kind of restriction on the books. The law is scheduled to take effect July 1, 2027, which gives operators a real runway to get compliant.

The same day, New York lawmakers approved the One Fair Price Act, which bars businesses from using algorithms that rely on personal data to offer different prices for the same product. The bill now sits with Gov. Kathy Hochul. If she signs it, it takes effect six months later, and New York becomes the third state to curb personalized pricing, per Consumer Reports, which has been pushing these bills hard. New York Attorney General Letitia James called it “a big victory in our fight to ban surveillance pricing,” according to a statement from her office.

Maryland started the wave. Gov. Wes Moore signed the first state law back in April, and that one goes live October 1, per Grocery Dive. Law-firm analysis from Venable pegs Maryland’s penalties at roughly $10,000 to $25,000 per violation, with no private right of action, meaning the state enforces it rather than letting individual shoppers sue. Roughly two dozen states have introduced some version of a surveillance-pricing bill this year, so the count is going to keep climbing.

Not every bill is passing. On June 2, Colorado Gov. Jared Polis vetoed legislation that would have prohibited companies from using consumer data to generate individualized prices. He said he supports protecting consumers from price gouging but worried the bill was too broad and might discourage “perfectly acceptable uses of technology to set an appropriate price” or to pass along discounts. That veto matters because it tells you the line these laws are trying to draw is genuinely fuzzy, and that fuzziness is where store owners get caught.

What Counts as Surveillance Pricing

Here is the part that trips people up. The thing being banned is not dynamic pricing in general. Raising and lowering a price for everyone based on demand, season, or your own costs is fine. What these laws target is setting a different price for a specific person based on data about that person. Consumer Reports points to browsing history, health conditions, and income as the kind of inputs they do not want feeding a price tag.

Loyalty programs are generally carved out. So are cost-based differences like charging more for delivery to a farther address. The danger zone is the middle: showing a returning visitor a higher price because your app fingerprinted their device, quoting a different number to someone who came from an expensive zip code, or auto-adjusting a checkout offer based on a customer’s purchase history pulled from their email profile. If you cannot explain a price difference with cost or a published loyalty discount, it starts to look like the thing these AGs are now empowered to chase.

A lot of Shopify apps blur this line by design. Personalization tools, geo-pricing plugins, and some “AI discount” apps make individualized pricing the selling point. None of that was illegal a year ago in any state. In Maryland it is illegal in October, in Connecticut in 2027, and possibly in New York by early next year.

How We Got Here

This did not come out of nowhere. The Federal Trade Commission spent the last couple of years studying “surveillance pricing,” and that federal attention gave state legislators and advocacy groups like Consumer Reports the ammunition to move. When the federal level slowed down, the states picked it up, which is the same pattern we have seen with privacy law generally.

At the same time, the tooling got cheap and easy. Five years ago, individualized pricing took a data-science team. Now it is a $29-a-month app you click to install. The technology outran the rules, regulators noticed, and now the rules are catching up state by state. The result for operators is the worst version of compliance: not one federal standard, but a patchwork where the same pricing app might be fine in Texas, illegal in Maryland, and a gray area in New York depending on what data it touches and when each law kicks in.

Why This Matters for Your Store

If you sell high-ticket products, your exposure is lower than a fast-fashion store, but it is not zero. High-ticket buyers are exactly the people who comparison shop, clear their cookies, and check the price from two devices. If your store quotes them two different numbers, you do not just risk a regulatory letter, you lose the sale and the trust. I have always told clients that on a $2,500 product, consistency and credibility convert better than any clever pricing trick, and now there is a legal reason to back that up.

Picture the math on a real example. Say you sell power generators and you run a geo-pricing app that quietly adds 4 percent for visitors from high-income zip codes. On a $3,000 generator that is $120 of extra margin per order, which sounds fine until you realize that same app is now the thing a Connecticut or New York regulator points to, and that the customer who caught it in two browser tabs walked away. You traded a year of compliance exposure and a lost sale for $120. That math was never in your favor, and now it carries a legal deadline on top of it.

The real risk is indirect. Most store owners do not know exactly what their apps do under the hood. You install a conversion or personalization tool, it promises “smart pricing,” and you never check whether “smart” means “individualized by personal data.” When a law like Connecticut’s is on the books, ignorance is not much of a defense. The fix is to audit your stack now, while the deadlines are a year out, rather than after an enforcement letter shows up.

Then there is the address problem, which almost nobody thinks about until it is too late. When a state attorney general or a consumer-protection office decides to look into a pricing practice, they start with your public business filings. If you formed your LLC with your home address, that is the address on the complaint and the address a process server visits. This is exactly why I run my filings through Northwest Registered Agent, which uses its own address on your public record so your home does not become the contact point for every regulator, plaintiff, and data broker. I wrote a full breakdown in my Northwest review if you want the details.

The other piece is your paperwork. Surveillance-pricing laws sit right next to the privacy rules you are already supposed to follow, and a current, accurate privacy policy that discloses what data you collect is part of staying clean. Tools like Termly keep your privacy policy and cookie disclosures current without paying a lawyer every time a state changes the rules. If you are still running the default Shopify privacy template from launch day, that is a gap worth closing.

Honestly, this is the point where a lot of operators realize the back-office side of a real store is more than they signed up for: the LLC, the registered agent, the privacy compliance, the app audit, the supplier agreements. If you would rather have a team handle the build and the boring-but-critical setup correctly the first time, that is what my turnkey done-for-you store build exists for. We set the foundation up clean so you are not patching legal holes 18 months in.


What To Do This Week

You do not need to panic, and you do not need a lawyer on retainer yet. You need to know what your store actually does and tighten the obvious gaps. Here is the short list.

  1. Audit your pricing apps. Open your Shopify app list and find anything that touches price: personalization, geo-pricing, “AI discounts,” dynamic checkout offers. For each one, find out whether it adjusts price based on data tied to an individual shopper. If it does, decide whether you actually need it or whether flat, demand-based pricing converts just as well for your catalog.
  2. Make your prices consistent across devices and locations. Open your top three products in a regular browser, an incognito window, and your phone on cellular data. If the price changes, figure out which app is doing it. For high-ticket buyers who shop around, consistent pricing is a conversion win on top of a compliance win.
  3. Update your privacy policy and cookie disclosures. Get your data-collection disclosures current with a tool like Termly so what you say you collect matches what your apps actually collect. This is the cheapest insurance on the list.
  4. Check your business address exposure. If your LLC filing lists your home address, switch to a registered agent like Northwest before any of this turns into an enforcement letter. My guide on why your store needs an LLC covers the rest of the setup.
  5. Clean up how you segment in email. Personalized email offers are fine, but if your email platform is firing different prices to different segments based on income or behavior signals, treat that the same as on-site pricing and review it.
  6. If you are unsure where you stand, get a second set of eyes. I review store setups inside my private coaching and this kind of “what does my stack actually do” audit is exactly the sort of thing worth checking before a deadline, not after.

Frequently Asked Questions

Does this affect me if my store is not based in Connecticut, Maryland, or New York?
Yes, potentially. These laws generally protect shoppers in those states, so if you sell to a customer there, you can be in scope regardless of where your business is registered. Online stores sell across state lines by default, which is the whole compliance headache.

Is all dynamic pricing now illegal?
No. Changing prices for everyone based on demand, season, or your own costs is fine. What is being restricted is setting a different price for a specific person using data about that individual, like browsing history or income.

What about loyalty discounts and free shipping thresholds?
Loyalty programs and cost-based differences such as delivery distance are generally carved out of these laws. The trouble starts with hidden, individualized price changes a shopper cannot see or explain.

I run a high-ticket store with fixed prices. Am I clear?
Mostly, but check your apps. Plenty of stores run “fixed” prices while a personalization or geo-pricing plugin quietly adjusts them. Verify your Shopify setup actually shows everyone the same number.

When do I actually need to be compliant?
Maryland’s law takes effect October 1, Connecticut’s on July 1, 2027, and New York’s six months after the governor signs, if she does. You have a runway, but the audit is a this-week job, not a next-year job.

I am just starting out. Where do I begin?
Build the foundation right before you worry about edge cases. My step-by-step guide to starting a high-ticket store and my 2026 niche breakdown are the place to start.


Pricing rules are going to keep changing state by state for the next couple of years, and the operators who win are the ones who keep their setup clean and boring instead of clever. Audit your apps, lock your prices consistent, and tighten your paperwork while the deadlines are still far out.
