Thomson Reuters allows users to request access to, correction of, deletion of, or restrictions on their personal data, and to opt out of data sales, depending on where they live and what laws apply.
This analysis describes what Thomson Reuters's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The availability and enforceability of these rights varies significantly by jurisdiction, meaning not all users have the same level of protection or ability to control their data.
Interpretive note: The specific rights available depend on the user's jurisdiction, and the statement conditions rights on applicable law rather than providing universal guarantees, creating variability in consumer experience.
You may be able to access, correct, delete, or restrict how Thomson Reuters uses your personal information, and in some jurisdictions opt out of data sales, but the specific rights available depend on your location and applicable law.
How other platforms handle this
In addition to the above rights, your local laws (including those in the EU, UK, Japan, California, Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Virginia, or Utah) may afford you f...
California law gives residents the right to know what personal information we collect, use, share or sell; to delete personal information under certain circumstances; to opt-out of the sale or sharing of their personal information; to correct inaccurate personal information; to limit the use and dis...
If you would like to opt out of the disclosure of your personal information for purposes that could be considered "sales" for those third parties' own commercial purposes, or "sharing" or processing for purposes of targeted advertising, please visit the following link, which is also available in the...
Monitoring
Thomson Reuters has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"Depending on your location and subject to applicable law, you may have certain rights with respect to your personal information, including the right to access, correct, delete, restrict processing, object to processing, and data portability. You may also have the right to opt out of the sale or sharing of your personal information. To exercise your rights, please submit a request through our privacy portal or contact us at privacy.issues@thomsonreuters.com.— Excerpt from Thomson Reuters's Thomson Reuters Privacy
REGULATORY LANDSCAPE: Data subject rights engage GDPR Articles 15-22 (access, rectification, erasure, restriction, portability, objection, and automated decision-making rights), CCPA and CPRA (right to know, delete, correct, opt out of sale and sharing, and limit sensitive personal information use), UK GDPR, PIPEDA, and various other national frameworks. Rights under GDPR are generally more comprehensive and enforceable than those under U.S. state law. The right to opt out of sale under CCPA and CPRA is particularly relevant given Thomson Reuters' data broker operations. GOVERNANCE EXPOSURE: Medium. The breadth of rights asserted and the inclusion of non-customer individuals (whose data may appear in information products) creates significant operational complexity for rights fulfilment. The statement provides a centralised portal, which is good practice, but compliance teams should assess response time compliance (30 days under GDPR, 45 days under CCPA) and identity verification procedures. JURISDICTION FLAGS: EU and EEA users have the strongest rights under GDPR, including the right to lodge complaints with supervisory authorities. California users have CPRA rights including the right to opt out of sale and the right to limit sensitive personal information use. UK users have rights under UK GDPR. Users in jurisdictions without comprehensive privacy law may have limited enforceable rights under this statement. CONTRACT AND VENDOR IMPLICATIONS: Enterprise customers acting as data controllers must ensure Thomson Reuters, as a processor, has mechanisms to assist with data subject rights requests that originate from their own users and are passed through to Thomson Reuters for fulfilment. DPAs should specify response timelines and procedures for rights request forwarding. COMPLIANCE CONSIDERATIONS: Compliance teams should test Thomson Reuters' privacy portal to confirm it accepts and processes rights requests within legally required timeframes, assess identity verification procedures for sufficiency without being unnecessarily burdensome, and confirm that rights requests from non-customers (whose data appears in information products) are handled with equivalent rigour.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The availability and enforceability of these rights varies significantly by jurisdiction, meaning not all users have the same level of protection or ability to control their data.
You may be able to access, correct, delete, or restrict how Thomson Reuters uses your personal information, and in some jurisdictions opt out of data sales, but the specific rights available depend on your location and applicable law.
ConductAtlas has identified this type of provision across 1 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Thomson Reuters.