WHAT THIS BILL REGULATES · 1 REQUIREMENT TYPE
(3) "Automated-decision system": (a) Means a computational process, including one derived from algorithms, machine learning, artificial intelligence, statistics, and other data processing techniques, that processes personal data to make a decision or facilitate human decision-making regarding surveillance pricing; and (b) Excludes word processing software, spreadsheet software, map navigation systems, web hosting, domain registration, networking, caching, website-loading, data storage, firewalls, anti-virus, anti-malware, spam- and robocall-filtering, spellchecking, calculators, database, or similar technologies, provided that these technologies do not make decisions regarding surveillance pricing;
Referenced definition (KRS 367.3611(22)): "Personal data" means any information that is linked or reasonably linkable to an identified or identifiable natural person. Personal data does not include de-identified data or publicly available information.
(4) "Base price" means the lowest price for a specific good or service offered by a controller to any consumer in Kentucky;
Referenced definition (KRS 367.3611(10)): "Controller" means the natural or legal person that, alone or jointly with others, determines the purpose and means of processing personal data.
Referenced definition (KRS 367.3611(9)): "Consumer" means a natural person who is a resident of the Commonwealth of Kentucky acting only in an individual context. Consumer does not include a natural person acting in a commercial or employment context.
(19) "Individualized data" means personal data collected through electronic surveillance technology, observation, inference, or tracking of a consumer's online activity or device characteristics, including but not limited to browsing history, search history, precise geolocation data, device hardware characteristics, or operating system;
(33) "Surveillance pricing": (a) Means offering or setting a customized price increase for a good or service for a specific consumer or group of consumers, based in whole or in part, on individualized data collected through electronic surveillance technology; and (b) Includes the use of technological methods, systems, or tools including, but not limited to sensors, cameras, device tracking, biometric monitoring, or other forms of observation or data collection that are capable of gathering personally identifiable information about a consumer's behavior, characteristics, location, or other personal attributes, whether in physical or digital environments;
Section 1 of the bill amends the definitions section of the Kentucky Consumer Data Protection Act to add four new defined terms: automated-decision system, base price, individualized data, and surveillance pricing. The automated-decision system definition is narrowly scoped — it covers only computational processes that process personal data to make or facilitate decisions regarding surveillance pricing, explicitly excluding general-purpose software and infrastructure tools. The surveillance-pricing definition is broad, encompassing both digital and physical data collection methods (sensors, cameras, device tracking, biometric monitoring) used to set customized price increases based on individualized consumer data.
The existing definitions are renumbered to accommodate the new terms, and the existing definition of biometric data is added as a standalone subsection (5) — previously it was not separately defined in the KCDPA.
(1)(f) Not engage in surveillance pricing, or offer, set, or display a price for a purchasable good or service to a consumer using an automated-decision system that is based, in whole or in part, on individualized data. The base price for all purchasable goods and services shall be the same for all prospective consumers regardless of their individualized data. However, this paragraph shall not be construed to prohibit any of the following:
1. An adjustment of the base price based on a real-time, non-individualized factor, such as current market demand, inventory levels, competitor pricing, or time-of-day, provided that the adjusted price is applied uniformly to all consumers seeking the good or service at that time and in that region, regardless of the consumer's individualized data;
2. An offer of a different price, rate, level, or quality of goods or services to a consumer who is a bona fide participant in a voluntary loyalty, rewards, premium features, discounts, or club card program where the difference is clearly disclosed and does not rely on individualized data beyond what is necessary for program operation; or
3. Price differences based solely on legitimate, verifiable costs, such as shipping costs to different geographical zones or costs related to the method of service delivery.
Section 2 amends the controller duties section of the KCDPA to add a new subsection (1)(f) prohibiting controllers from engaging in surveillance pricing. The prohibition is two-pronged: controllers may not engage in surveillance pricing as defined, and may not use an automated-decision system to offer, set, or display a price for a purchasable good or service that is based in whole or in part on individualized data. The base price for all goods and services must be the same for all prospective consumers regardless of their individualized data.
The provision includes three narrow carve-outs: (1) real-time, non-individualized price adjustments applied uniformly to all consumers (e.g., dynamic pricing based on market demand, inventory levels, competitor pricing, or time-of-day); (2) bona fide voluntary loyalty and rewards program pricing where differences are clearly disclosed and do not rely on individualized data beyond program operation needs; and (3) price differences based solely on legitimate, verifiable costs such as shipping to different geographic zones. These carve-outs define the boundary between prohibited surveillance pricing and permissible dynamic or differentiated pricing.
This Act may be cited as the Kentucky Price Fairness Act.
Section 3 provides the short title: the bill may be cited as the Kentucky Price Fairness Act. This is a naming provision only and creates no compliance obligation.