The Continuing Expansion of Algorithmic Software Laws – Best Practices for Companies in an Evolving Landscape

New York recently expanded its algorithmic pricing laws, now requiring retailers to disclose when prices are set with algorithmic software based on consumers’ personal data. The so-called practice of surveillance pricing entails adjusting prices charged for goods and services according to monitored personal data. For example, an airline could use a consumer’s personal data, such as location, frequent flyer status, past searches, and even device type, to adjust the price shown to a particular consumer when they book a flight such that consumers would be presented with a different price for the same flight based on differences in their search profile.

New York’s law is calling for more transparency—requiring retailers to clearly and conspicuously disclose to consumers when prices are set by an algorithm using a consumer’s personal data. While the new requirement will impact a broad spectrum of businesses, including any entities domiciled or doing business in New York, the law provides exemptions for businesses in the insurance sector, certain financial institutions, and certain subscription contexts, such as when lower prices are offered to existing subscribers. Location data used solely for calculating for-hire or rideshare fares is also excluded from the disclosure mandate. Violators can expect to receive a cease-and-desist letter from the Attorney General, specifying the violation and a cure timeline. If violators persist, the Attorney General may seek an injunction to restrain further offenses, and a court may impose a civil penalty of up to $1,000 per violation.

This latest statute follows on the heels of New York’s legislation directed at the housing industry, prohibiting landlords from using software or data analytics to set rents, lease terms, and occupancy targets, as detailed in a prior Competition Corner post. Given the varied landscape and increasing regulation, it is important for companies to understand their own technology and consult with counsel to ensure their practices withstand scrutiny.

WAVE OF SIMILAR LAWS PROGRESSING IN OTHER STATES

With the increased use of algorithmic software in a wide range of industries, states across the country are racing to enact broader measures that address algorithmic pricing concerns. California, for instance, has two pending bills. A.B. 446 would restrict grocery establishments from engaging in customized price increases for goods based on electronically surveilled personal data. Even broader, California’s S.B. 259 would allow consumers to ask businesses to delete their collected personal information and to withhold selling or sharing it with third parties. The bill would also prohibit offering a price to a consumer through their online device if that price is based on certain input data, like the presence or absence of software on the device used.

Similar to California’s A.B. 446, Massachusetts’s proposed law would prohibit grocery stores from suggesting products or adjusting prices according to a customer’s biometric data collected through in-store surveillance systems. Illinois’s proposed legislation, by contrast, reaches both retail and service industries, prohibiting the use of surveillance data to adjust prices charged for goods and services on an individual consumer basis.

Meanwhile, Pennsylvania has three bills in the works: (1) the Surveillance Pricing Act, or H.B. 1942, would prohibit the practice of surveillance pricing; (2) H.B. 1533 would impose criminal and civil liability for using AI systems to price-fix, bid-rig, or allocate markets; and (3) H.B. 1779, which closely resembles New York’s disclosure law, would require persons or entities to disclose the use of personal consumer data when engaging in algorithmic pricing. Relatedly, Texas is considering whether the use of “algorithmic pricing systems” to generate a pricing recommendation should be deemed a deceptive trade practice.

BEST PRACTICES

With algorithmic pricing bills gaining traction, now is the time for companies to reevaluate their business models and pricing processes.

• Understand Your Technology: Collaborate with IT to understand how your company’s pricing algorithms operate and assess the scope of your data-collection systems, including how consumer data is collected and what consumer information is monitored and stored. This insight will help identify potential legal risks and ensure your algorithms are designed and deployed in compliance with laws and local ordinances.
• Audit Data Collection Practices and Pricing Policies: Collect only the consumer data necessary for permitted uses and track the purpose behind each data point. With overlapping state privacy and pricing laws, confirm that your data collection and pricing practices align with disclosure and consent requirements.
• Implement a Compliance Program: Establish a comprehensive compliance program to address algorithmic pricing risks and deliver periodic training to address risks related to antitrust, consumer protection, and data privacy. Implement monitoring and auditing mechanisms to identify and remediate potential violations.
• Monitor Legislative Developments: Stay ahead of emerging state laws, as a patchwork of transparency and disclosure obligations is likely. Proactive compliance planning will help avoid costly adjustments later.

Winston & Strawn has in-depth experience in navigating the complexities of emerging regulations. Please contact the authors of this article or your Winston & Strawn relationship attorney with any questions.