PrivacySignal
Analysis

Your Grocery Store Knows What You'll Pay Before You Do

New Jersey just passed the Fair Price Protection Act, banning surveillance pricing in groceries — the third state to act. But read it as a privacy law: it limits how your data is used at the register, not whether the store can build the 62-page profile in the first place.

The Signal Desk ·

What Happened

On June 30, the New Jersey Legislature passed the Fair Price Protection Act. The Senate vote was 22-14. The Assembly vote was 51-20-1. The bill now sits on Governor Mikie Sherrill's desk, and she is expected to sign it. She campaigned on this.

The law does two things.

First, it makes surveillance pricing in grocery sales a violation of the state Consumer Fraud Act. Stores and third-party delivery platforms cannot use your personal data — including biometric data, genetic information, or protected class characteristics — to charge you a different price than the shopper next to you for the same item.

Second, it puts a one-year moratorium on new electronic shelf labels in the state's grocery stores. Those are the digital price tags that let a store change prices remotely, in real time, across every shelf at once.

If Sherrill signs, New Jersey joins Maryland and Connecticut as the third state to restrict surveillance pricing. New York's version is on Governor Hochul's desk. More than 50 similar bills have been introduced across 26 states. This is a wave, and it is early.

What Surveillance Pricing Actually Is

Strip away the branding — "personalized pricing," "dynamic offers" — and the practice is simple. A company builds a profile on you. Your browsing history. Your location. Your inferred income. Your family size. Then it uses that profile to decide what price to show you.

Not what the product costs. What you will pay.

This is not hypothetical. In December 2025, Consumer Reports ran an experiment with Instacart. Nearly 400 shoppers bought the same basket of goods from the same stores at the same time. They got different prices. Same product, same shelf, same minute — different price, based on who was asking.

Consumer Reports also investigated Kroger's data practices. One shopper filed a data access request under a state privacy law. The response was a 62-page profile. Inferences about income. Family size. Education level. That is the raw material of surveillance pricing, and it is sitting in retail databases right now.

What the Law Does Not Do

Read the carve-outs, because that is where this law will be tested.

The Act does not touch promotional discounts. It does not touch loyalty programs. It does not stop a store from offering group pricing to broadly defined categories — teachers, veterans, seniors.

Those exceptions sound reasonable. They are also the pressure point. Consumer Reports supported the bill and still flagged the loyalty program carve-out as a loophole: if a store can vary discounts through a loyalty program based on your data, the ban on varying prices matters less than it appears. The discount becomes the mechanism. The sticker price stays "equal" while the price you actually pay does not.

Industry pushed the opposite line. Business groups and legislative Republicans argued the bill threatens the everyday discounts shoppers rely on. One Republican post put it bluntly: "Kiss your ShopRite PricePlus card good-bye." The sponsors say that is wrong — loyalty programs are explicitly exempt. Both sides are pointing at the same carve-out. One calls it a loophole. The other calls it endangered.

When both flanks are aiming at the same clause, that clause is where enforcement fights will live.

The Part Everyone Is Missing

The coverage of this law is an affordability story. Groceries cost too much, algorithms make it worse, New Jersey acted. Fair enough. That is why it passed with bipartisan votes.

But look at it as a privacy law, because that is what it is.

The Fair Price Protection Act does not restrict what data a grocer collects. Not one byte. The 62-page Kroger profile stays legal. The tracking pixels, the loyalty card scans, the location data — all of it can still be gathered, stored, and sold. The law restricts one downstream use of that data: setting individual grocery prices.

This is the direction American privacy law keeps drifting. We do not limit what companies have. We limit what they do with it, one use at a time. Geofence data, one rule. Employment algorithms, another. Grocery prices, now a third. The profile itself — the thing that makes every one of those harms possible — remains untouched.

Use-based rules are not worthless. This one will probably stop the most blatant version of the practice in one state, in one industry. But a use restriction with carve-outs is a leaky container, and the loyalty program exception shows exactly where this one leaks. The data is still there. The incentive is still there. The only question is whether the workaround is compliant.

What Comes Next

The union coalition behind this bill is not stopping in New Jersey. The UFCW has organized a 50-state campaign, and Illinois is the next target during its fall veto session. Expect more states, and expect the bills to differ in scope — Connecticut's law covers more than groceries and takes effect July 2027.

Watch three things. Whether Sherrill signs as expected. Whether the loyalty program carve-out gets tightened in the next session, as Consumer Reports is pushing. And whether any state moves upstream — from restricting the pricing to restricting the profiling that powers it.

Until one does, the deal stands: the store can know everything about you. It just can't use it at the register. In New Jersey. For groceries.

That is the signal this week.


Sources: EPIC, Consumer Reports, New Jersey Monitor, Newsweek, ROI-NJ, Progressive Grocer.

Analysis reflects the views of the author and is provided for general information — it is not legal advice. See our methodology.

← More analysis