What are the institutional and regulatory implications of this document?

REGULATORY LANDSCAPE: This statement engages GDPR and UK GDPR (covering EU and UK residents respectively, including provisions on lawful basis, data subject rights, cross-border transfers via SCCs, and sensitive data processing under Article 9), CCPA and CPRA (covering California residents with rights to opt out of sale and sharing, correct, delete, and limit sensitive personal information use), PIPEDA and applicable provincial privacy laws for Canadian users, and additional national frameworks…

How does Thomson Reuters's Thomson Reuters Privacy affect users?

Thomson Reuters' policy establishes that personal information may be collected and compiled into information products sold or shared with third parties, including instances where individuals have no direct relationship with Thomson Reuters. The policy creates obligations for Thomson Reuters to honor requests submitted through its privacy rights portal at https://privacyportal.onetrust.com/webform/4a4e6e5b-c2de-4960-b5dd-f82ef55fc6ab/25e0b490-fba0-4278-8de6-f679d1481c71 to access, correct, or de…

How often is Thomson Reuters's Thomson Reuters Privacy updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when Thomson Reuters updates this document?

Yes. Monitor subscribers ($19/month) can add Thomson Reuters to their watchlist and receive same-day email alerts whenever this document or any other Thomson Reuters document changes.

CA-D-000720

Thomson Reuters Privacy

Thomson Reuters

Last change detected June 26, 2026 Privacy policy

SHA-256: a83ee18dfe057088713… 6 versions captured 5 changes documented

Create free account

Track 1 platform and get the weekly governance digest. No credit card required.

View original document at Thomson Reuters ↗

This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology

9 Total

3 High severity

5 Medium severity

1 Low severity

Summary

This document establishes Thomson Reuters' privacy practices governing the collection, use, and disclosure of personal information across its legal, tax, news, and risk products and website. The policy authorizes Thomson Reuters to collect personal data including financial records, government identification numbers, professional history, and in certain contexts health or biometric data, and to use such data in compiling information products for distribution to third parties as part of its data broker operations. The policy establishes procedures for U.S. residents to submit privacy rights requests, including requests to access, correct, or delete personal information, through Thomson Reuters' designated privacy portal.

Technical / Legal Breakdown

This document is Thomson Reuters' global Privacy Statement, governing how Thomson Reuters and its worldwide affiliated companies and subsidiaries collect, use, disclose, and retain personal information across their products, services, and websites, with stated legal bases including consent, legitimate interests, contract performance, and legal obligation. The statement asserts that Thomson Reuters collects a broad range of personal data including contact details, financial information, government-issued identifiers, professional and employment data, location data, device and usage data, and sensitive categories such as health, biometric, and political information, and states that this data may be shared with affiliated entities, business partners, third-party service providers, government authorities, and purchasers in corporate transactions. Notably, the statement covers Thomson Reuters' role both as a data controller and as a data processor on behalf of business customers, and explicitly addresses the use of personal data in AI and machine learning model training, which creates distinct exposure in jurisdictions with emerging AI-specific regulation; the statement also discloses that Thomson Reuters operates as a data broker in certain contexts, compiling and selling information products derived from publicly available and licensed data sources. The statement engages GDPR and UK GDPR for EU and UK residents, CCPA and CPRA for California residents, PIPEDA and provincial equivalents for Canadian users, and a range of additional national frameworks; the document includes region-specific supplemental notices and describes cross-border data transfer mechanisms including Standard Contractual Clauses and adequacy decisions. Material compliance considerations include the adequacy of consent mechanisms for sensitive data processing, the lawfulness of AI training data use under GDPR, and the sufficiency of Thomson Reuters' data broker disclosures under state-level U.S. law.

Institutional Analysis

Institutional analysis available with Compliance

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.

Start Compliance free trial

5 important changes detected

6 versions captured · Last updated: June 2026

June 26, 2026

low

What changed Thomson Reuters updated a section of their privacy policy on June 26, 2026 that was previously directed at tax, audit, and accounting firms. The revised language now specifically references 'CoCounsel Tax Essentials,' an AI product for tax work designed for mid-market and small CPA firms. This appears to be a product-focused update to a contact or promotional section rather than a substantive privacy policy change affecting data handling, collection, or user rights.

Why this matters This change updates promotional language within the privacy policy document rather than modifying core privacy practices, data collection authorities, or user rights. The revised text now directs tax and accounting professionals to CoCounsel Tax Essentials, Thomson Reuters' AI product for tax work. No changes to how personal data is collected, processed, retained, or shared are indicated in this modification.

View full change record →

June 13, 2026

unknown

What changed Thomson Reuters updated their Thomson Reuters Privacy on June 13, 2026. Change detected: 2 sentence(s) modified. Document contained 345 sentences after update.

View full change record →

June 10, 2026 unknown

Thomson Reuters updated their Thomson Reuters Privacy on June 10, 2026. Change detected: 1 sentence(s) modified. Document contained 345 sentences after update.

View change record →

June 5, 2026 low

Thomson Reuters made three minor navigation and content organization updates to their privacy policy website on June 5, 2026. The changes reorganized product category listings and added 'Labor & employment …

View change record →

May 29, 2026 low

Thomson Reuters updated its privacy policy landing page on May 29, 2026, making three editorial and organizational changes: adding a new marketing tagline ('Our technology powers the professionals who are …

View change record →

Recent Provision Changes Jun 26, 2026

9 provisions unchanged.

View full change record →

High — 3 provisions

AI and Machine Learning Training Use of Personal Data Compare →

Thomson Reuters may use your personal information to train its AI and machine learning systems, including those built into its products, and states it will seek consent where the law requires it.

Added May 10, 2026 Standard Seen across 284 platforms
Data Broker and Information Product Disclosure Compare →

Thomson Reuters collects information about people from public records and other sources, and sells compiled profiles as products, meaning your information could be in a Thomson Reuters database even if you never signed up for their services.

Added May 10, 2026 Standard Seen across 252 platforms
Sensitive Personal Information Processing Compare →

Thomson Reuters may collect highly sensitive personal information, including health records, biometric data, political views, and criminal history, and states it only does so where legally permitted.

Added May 10, 2026 Standard Seen across 284 platforms

Medium — 5 provisions

Cross-Border Data Transfers Compare →

Thomson Reuters transfers personal data internationally and states it uses legal mechanisms such as Standard Contractual Clauses to make those transfers lawful under EU and UK data protection law.

Added May 10, 2026 Standard Seen across 284 platforms
Data Subject Rights and Opt-Out Mechanisms Compare →

Thomson Reuters allows users to request access to, correction of, deletion of, or restrictions on their personal data, and to opt out of data sales, depending on where they live and what laws apply.

Added May 10, 2026 Standard Seen across 284 platforms
Third-Party Data Sharing and Corporate Transactions Compare →

Thomson Reuters may share your personal data with service providers, partners, and other companies, and may transfer it to a new owner if Thomson Reuters itself is acquired or sells a business unit.

Added May 10, 2026 Standard Seen across 252 platforms
Cookie and Tracking Technology Use Compare →

Thomson Reuters uses cookies and similar tracking tools to monitor how you use its websites and communications, and provides a cookie preference centre to manage these settings.

Added May 10, 2026 Standard Seen across 284 platforms
Retention of Personal Information Compare →

Thomson Reuters keeps your personal data for as long as it needs to for its stated purposes, legal obligations, or as otherwise permitted by law, rather than for a fixed maximum period.

Added May 10, 2026 Standard Seen across 284 platforms

Low — 1 provision

Policy Update and Notification Procedure Compare →

Thomson Reuters can change its privacy policy at any time and primarily notifies users by updating the date on the policy page, meaning you would need to check the page yourself to notice changes.

Added May 10, 2026 Standard Seen across 284 platforms

Monitoring

Thomson Reuters has updated this document before.

Monitor includes same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Start Monitor free trial Or create a free account →

Compliance Governance Intelligence

Need provision-level monitoring and regulatory mapping?

Compliance includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.

Start Compliance free trial

Cross-platform context

See how other platforms handle AI and Automated Processing Disclosures and similar clauses.

Compare across platforms →