Track 1 platform and get the weekly governance digest. No credit card required.
This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology
This is Thomson Reuters' privacy policy, covering how the company collects and uses your personal information across its legal, tax, news, and risk products, as well as its website. The most significant aspect for most people is that Thomson Reuters may collect a wide range of sensitive personal data, including financial records, government ID numbers, and professional history, and may use that data to build information products sold to third parties, since Thomson Reuters operates as a data broker in addition to being a software and media company. If you are a U.S. resident, you should check whether your state grants you the right to opt out of the sale or sharing of your personal information, and submit a request through Thomson Reuters' privacy rights portal if applicable.
This document is Thomson Reuters' global Privacy Statement, governing how Thomson Reuters and its worldwide affiliated companies and subsidiaries collect, use, disclose, and retain personal information across their products, services, and websites, with stated legal bases including consent, legitimate interests, contract performance, and legal obligation. The statement asserts that Thomson Reuters collects a broad range of personal data including contact details, financial information, government-issued identifiers, professional and employment data, location data, device and usage data, and sensitive categories such as health, biometric, and political information, and states that this data may be shared with affiliated entities, business partners, third-party service providers, government authorities, and purchasers in corporate transactions. Notably, the statement covers Thomson Reuters' role both as a data controller and as a data processor on behalf of business customers, and explicitly addresses the use of personal data in AI and machine learning model training, which creates distinct exposure in jurisdictions with emerging AI-specific regulation; the statement also discloses that Thomson Reuters operates as a data broker in certain contexts, compiling and selling information products derived from publicly available and licensed data sources. The statement engages GDPR and UK GDPR for EU and UK residents, CCPA and CPRA for California residents, PIPEDA and provincial equivalents for Canadian users, and a range of additional national frameworks; the document includes region-specific supplemental notices and describes cross-border data transfer mechanisms including Standard Contractual Clauses and adequacy decisions. Material compliance considerations include the adequacy of consent mechanisms for sensitive data processing, the lawfulness of AI training data use under GDPR, and the sufficiency of Thomson Reuters' data broker disclosures under state-level U.S. law.
Institutional analysis available with Professional
Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Professional.
Start Professional free trialMonitoring
Thomson Reuters has updated this document before.
Watcher includes same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
Professional Governance Intelligence
Need provision-level monitoring and regulatory mapping?
Professional includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.
Start Professional free trialCross-platform context
See how other platforms handle AI and Automated Processing Disclosures and similar clauses.
Compare across platforms →Governance Monitoring
Structured alerts for policy changes, governance events, and provision updates across 318+ platforms.