Thomson Reuters keeps your personal data for as long as it needs to for its stated purposes, legal obligations, or as otherwise permitted by law, rather than for a fixed maximum period.
This analysis describes what Thomson Reuters's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Open-ended retention periods mean personal data may be held for extended periods, particularly where legal or regulatory requirements create long retention obligations, reducing individuals' practical ability to have data deleted.
Interpretive note: The statement does not provide specific retention periods by data category, making it difficult to assess the practical duration of data retention for any given type of personal information.
Your personal information may be retained by Thomson Reuters indefinitely for certain purposes, such as legal compliance, even after you stop using its services or request deletion, with the duration determined by Thomson Reuters based on its assessment of applicable requirements.
How other platforms handle this
We may display advertisements on our Services and those advertisements may be targeted to your interests based on your personal information. We may share your personal information with advertising partners for interest-based advertising purposes. You may opt out of interest-based advertising by visi...
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
We retain personal information for as long as necessary to provide our services, comply with legal obligations, resolve disputes, and enforce our agreements. The specific retention periods depend on the type of information and the purposes for which it is processed.
Monitoring
Thomson Reuters has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We retain personal information for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements, and as required or permitted by applicable law. When determining how long to retain personal information, we consider the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorised use or disclosure, and applicable legal requirements.— Excerpt from Thomson Reuters's Thomson Reuters Privacy
REGULATORY LANDSCAPE: Data retention engages GDPR's storage limitation principle (Article 5(1)(e)), which requires that personal data not be kept longer than necessary for the specified purpose. CCPA and CPRA require disclosure of retention periods or the criteria used to determine them. Sector-specific retention requirements (such as financial records retention under SEC rules or legal records under professional conduct rules) may extend retention obligations for certain data categories processed by Thomson Reuters. GOVERNANCE EXPOSURE: Medium. The statement does not specify retention periods by data category or processing purpose, which is a gap relative to GDPR best practice and CPRA's disclosure requirements. The reliance on open-ended criteria rather than defined schedules makes it difficult for data subjects or enterprise customers to assess whether their data will be deleted within a reasonable timeframe. JURISDICTION FLAGS: EU and EEA regulators expect specific or ascertainable retention periods documented in Records of Processing Activities. California CPRA requires disclosure of the length of time personal information will be retained or the criteria used. UK ICO guidance similarly expects defined or definable retention periods. CONTRACT AND VENDOR IMPLICATIONS: Enterprise customers' DPAs should specify retention periods and deletion timelines for data processed by Thomson Reuters on their behalf, rather than relying on the general policy language. Procurement teams should request a data retention schedule covering the specific data categories processed in their context. COMPLIANCE CONSIDERATIONS: Compliance teams should request Thomson Reuters' data retention schedule for relevant processing activities and confirm it aligns with the enterprise customer's own retention policies. Where Thomson Reuters processes data on behalf of a controller, the DPA should specify that data is deleted or returned within a defined period after termination of services.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Open-ended retention periods mean personal data may be held for extended periods, particularly where legal or regulatory requirements create long retention obligations, reducing individuals' practical ability to have data deleted.
Your personal information may be retained by Thomson Reuters indefinitely for certain purposes, such as legal compliance, even after you stop using its services or request deletion, with the duration determined by Thomson Reuters based on its assessment of applicable requirements.
ConductAtlas has identified this type of provision across 1 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Thomson Reuters.