Countdown to Data Privacy Day 2026: New York’s Algorithmic Pricing Disclosure Act Imposes New Disclosure Requirements on Businesses

January 22, 2026

By: Amber L. Lawyer, Mario F. Ayoub, and Courtney Ryan

New York’s groundbreaking Algorithmic Pricing Disclosure Act (the Act) took effect on Nov. 10, 2025. The Act requires businesses operating in New York to disclose the use of algorithmic pricing models and introduces significant implications for how businesses communicate with consumers and rely on consumer data.

Algorithmic pricing models leverage consumers’ personal data and automated decision making technology to set dynamic pricing based on consumers’ location, income and purchase history, among other information. “Dynamic pricing” refers to pricing that fluctuates dependent on consumers’ personal data. Personal data is broadly defined to mean data that identifies or could reasonably be used to identify a person. The Act may be particularly relevant to companies that offer mobile apps and loyalty programs, which are designed to collect personal data from customers and generate valuable marketing insights based on customer behavior or demographics.

What does the Act Require? The Act requires most New York businesses that use algorithmic pricing models to clearly display a disclosure stating: “THIS PRICE WAS SET BY AN ALGORITHM USING YOUR PERSONAL DATA.” The required disclosure must appear alongside any price display, statement, image, announcement, offer, advertisement or promotional material where personal pricing is used, using lettering and wording that is easily visible and understandable to the average consumer. Notably, the Act does not prohibit dynamic pricing or the use of personal data, provided companies comply with the new disclosure requirements.

Who must comply with the Act? The Act applies broadly to any entity domiciled, doing business, or offering goods or services in New York that utilizes personalized algorithmic pricing methods, including retailers, e-commerce platforms and service providers. However, certain industries and individuals are exempt from the Act, including:

  • Insurance companies regulated under state law;
  • Regulated financial institutions;
  • For-hire vehicles (such as Uber or Lyft) and transportation network company vehicles using location data solely to calculate the fare based on mileage and trip duration; and
  • Subscription based services offering lower prices than the set contractual rate.
     

How is the Act Enforced? Notably, the Act does not provide a private right of action and only the New York State Attorney General has the power and authority to enforce the Act. If the Attorney General suspects that an entity has allegedly violated the Act, the Attorney General will issue a cease and desist letter to the entity at issue that specifies the alleged violation(s) and the remedies to cure within a designated timeframe. If the entity does not cure the violation(s) in time, the entity may be subject to an injunction and/or a civil penalty of up to $1000 per violation.  

Recommendations for Covered Entities: Organizations doing business in New York should consider taking the following steps to avoid regulatory attention:  

  • Conduct a Data Mapping Exercise. Identify where personal data is collected and used in pricing decisions to ensure full compliance. For instance, many companies do not realize that cookies and other tracking technologies automatically collect personal data from website users. If this data is introduced to a pricing model, disclosure is required.
  • Implement Disclosure Mechanisms. Ensure that the required statement is displayed clearly and conspicuously alongside any personalized price.
  • Develop Automated Disclosure Systems. Use technology to automatically append required disclosures in real time across websites, mobile apps and other consumer touchpoints.
  • Train Staff and Continuously Monitor Compliance. Provide ongoing training for all staff, including marketing, legal and technology teams. Regularly review internal practices and policies to ensure continued compliance.
  • Audit Algorithms for Bias and Privacy Compliance. Ensure that pricing algorithms do not result in discriminatory outcomes and that personal data is handled in accordance with privacy laws when leveraging personal information.
  • Update Privacy Policies and Terms of Use. Ensure that privacy policies and terms of use reflect the use of algorithmic pricing and consumer rights under the Act.
  • Continuously Monitor Regulatory Guidance. Stay informed of updates from the Attorney General and best practices within your particular industry.
     

For more information or assistance with the new Algorithmic Pricing Disclosure Act and related cybersecurity and privacy issues, contact Amber Lawyer, Mario AyoubCourtney Ryan or any member of Bond, Schoeneck & King PLLC’s cybersecurity and data privacy practice group.