• by Wendy Davis  @wendyndavis, May 6, 2025

Menswear retailer Todd Snyder has agreed to pay nearly $350,000 to settle charges that it violated a California law that requires website operators to allow consumers to opt out of the selling or sharing of their data.

The allegations, unveiled in an order issued Tuesday by the California Privacy Protection Agency, partially stem from an apparent technical glitch in the retailer's site.

According to the agency, Todd Snyder told website visitors they could opt out of data sharing, but didn't actually allow them to do so for 40 days in late 2023 because its opt-out mechanism was improperly configured. During that time, consumers who clicked on a “cookie preference center” were met with a banner that immediately disappeared, leaving them without a way to reject data sharing, the agency alleged in its written order.

The agency claimed Todd Snyder would have known about the glitch if it had monitored its site. Instead, the retailer “deferred to third-party privacy management tools without knowing their limitations or validating their operation,” according to the order.

The Privacy Protection Agency additionally alleged that Todd Snyder required some consumers to submit more information than necessary to process opt-out requests -- including their names, emails and a government issued document such as a passport or driver's license. That demand violated state regulations that prohibit companies from collecting more data than necessary to process opt-out requests, the agency says.

The new order comes around two months after the agency fined American Honda Motor more than $600,000 over alleged deficiencies in its opt-out procedures.

In that matter, the car marketer allegedly required consumers to provide “excessive” personal information in order to opt out of the sale or sharing of their data, and offered an opt-out tool that was not “symmetrical” because it allowed consumers to consent to the sale or sharing of their information with a single step, but required people to take more than one step to reject the sale or sharing of their data.