Thomson Reuters can change its privacy policy at any time and primarily notifies users by updating the date on the policy page, meaning you would need to check the page yourself to notice changes.
This analysis describes what Thomson Reuters's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Changes to the privacy policy may expand the ways your personal data is used, and the primary notification method (updating the effective date) may not provide adequate notice to users who do not regularly review the policy.
Material changes to how Thomson Reuters handles your personal data may take effect after only updating the date on the policy webpage, without direct notification to you in all cases, which could affect your ability to respond to changes that affect your rights.
How other platforms handle this
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to access, correct, or erase your personal data; the right to restrict or object to our processing of your personal data; the right to data portability; and, where our processing is based on your...
We may display advertisements on our Services and those advertisements may be targeted to your interests based on your personal information. We may share your personal information with advertising partners for interest-based advertising purposes. You may opt out of interest-based advertising by visi...
Monitoring
Thomson Reuters has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We may update this Privacy Statement from time to time. When we do, we will update the effective date at the top of this page. In some cases, we may provide additional notice, such as by adding a statement to our website or by sending you a notification. We encourage you to review this Privacy Statement periodically to stay informed about how we are protecting your information.— Excerpt from Thomson Reuters's Thomson Reuters Privacy
REGULATORY LANDSCAPE: Privacy policy update and notification practices engage GDPR's transparency requirements, which require that data subjects be informed of material changes to processing, and CCPA and CPRA requirements for clear and conspicuous notice of changes to privacy practices. The FTC has cited inadequate change notification as an unfair or deceptive practice in privacy enforcement actions. GOVERNANCE EXPOSURE: Low to Medium. The statement reserves the right to change terms with notice by updating the effective date, which is standard practice but may not satisfy GDPR's transparency obligations for material changes, particularly where the change expands data use or introduces new data categories. The qualifier 'in some cases' for direct notification is permissive rather than requiring affirmative notice for material changes. JURISDICTION FLAGS: GDPR and UK GDPR require proactive notification of material changes to data processing. California CPRA requires conspicuous notice of material changes to privacy policies. EU and UK regulators may expect direct notification (e.g., by email) for changes that materially affect data subject rights. CONTRACT AND VENDOR IMPLICATIONS: Enterprise customers' DPAs and master service agreements should include specific provisions requiring Thomson Reuters to provide advance notice (typically 30 days) of material changes to its privacy practices that affect the processing of enterprise customer data, rather than relying on the public policy update mechanism. COMPLIANCE CONSIDERATIONS: Compliance teams should implement a monitoring process to review the Thomson Reuters privacy statement periodically for material changes, and consider subscribing to any Thomson Reuters notification service for policy updates. DPAs should include a change notification clause with defined notice periods.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Changes to the privacy policy may expand the ways your personal data is used, and the primary notification method (updating the effective date) may not provide adequate notice to users who do not regularly review the policy.
Material changes to how Thomson Reuters handles your personal data may take effect after only updating the date on the policy webpage, without direct notification to you in all cases, which could affect your ability to respond to changes that affect your rights.
ConductAtlas has identified this type of provision across 1 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Thomson Reuters.