Brianna Dally

Brianna provides comprehensive advice to clients across various industries on privacy and cybersecurity issues. Her work ranges from implementing information security and incident response programs to addressing complex compliance questions. Brianna has experience advising on compliance with regulations such as the New York Department of Financial Services (NYDFS) Cybersecurity Regulation and other insurance data security laws modeled on the NAIC Insurance Data Security Model Law.

Key Points:

  • California Attorney General Rob Bonta announced a sweep concerning so-called “surveillance pricing” or “algorithmic pricing.”
  • The AG highlights potential CCPA privacy violations tied to the use of individualized pricing models based on a lack of transparency and failure to comply with the CCPA’s “purpose limitation” principle.
  • Other regulators are likely to follow suit — now is the time to assess and mitigate potential compliance and enforcement risks.

On January 27, 2026, California Attorney General (AG) Rob Bonta announced an investigative sweep focused on businesses that use consumer data to individualize prices for their goods or services. Bonta framed the issue as follows:

“Consumers have the right to understand how their personal information is being used, including whether companies are using their data to set the prices that Californians pay, whether that be for groceries, travel, or household goods. We need to know whether businesses are charging people different prices for the same good or service — and if they’re complying with the law.”

The California Department of Justice (DOJ) is issuing written inquiries to businesses with substantial online operations in the retail, grocery, and hotel industries that leverage individualized pricing. It is requesting certain information on this issue, including details about:

  • Companies’ use of consumer personal information to set prices.
  • Policies and public disclosures regarding personalized pricing.
  • Any pricing experiments undertaken by companies.
  • Measures companies are taking to comply with algorithmic pricing, competition, and civil rights laws.

This post summarizes the basis for the California DOJ’s investigatory sweep, how it intends to apply California Consumer Privacy Act (CCPA) requirements, and how businesses can prepare for and mitigate the risk of these inquiries and potential enforcement actions.

In Part One of this FAQ series, we break down Virginia’s Senate Bill 754, Consumer Protection Act; prohibited practices, etc., reproductive or sexual health information (Act), which amends the Virginia Consumer Protection Act (VCPA). The law goes into effect on July 1. Overall, given the broad definitions used in the Act, the law likely regulates organizations that are not traditional health care companies, and goes beyond traditional health information.