When you visit the Thomson Reuters website, several tracking tools are active on the page, including one that records a sample of user sessions and captures how you interact with the site. A cookie consent tool is present to manage some of these trackers.
This analysis describes what Thomson Reuters's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Session replay technology can capture detailed behavioral data including mouse movements, clicks, and potentially form field interactions, which goes beyond standard analytics; the presence of Facebook tracking also means browsing behavior may be shared with Meta for advertising purposes.
Interpretive note: The tracking technologies are identified from the page source rather than from an explicit privacy or cookie disclosure in the terms of use text itself; the full scope of data collected, retention periods, and third-party sharing arrangements would require review of the separate Thomson Reuters privacy policy and cookie policy.
Visitors to thomsonreuters.com may have their browsing session recorded and replayed by DataDog's RUM tool, and their behavior may be shared with third parties including Meta via the Facebook Connect script, depending on cookie consent selections. EU and UK users have consent rights under GDPR and UK GDPR that may limit this tracking, and the OneTrust tool on the site is the mechanism for exercising those preferences.
How other platforms handle this
American gets this information by using technologies, including cookies, web beacons, and mobile device geolocation to provide and improve our Interactive Services and advertising, including across browsers and devices (also known as cross-device linking). This technical information may be combined ...
We use cookies and similar tracking technologies to track the activity on our Services and store certain information. Tracking technologies also used are beacons, tags, and scripts to collect and track information and to improve and analyze our Services. You can instruct your browser to refuse all c...
We and our service providers may use cookies, web beacons, pixel tags, and other tracking technologies to collect information about your browsing behavior, device type, IP address, and interactions with our website and advertisements.
Monitoring
Thomson Reuters has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"The document source deploys the following tracking technologies: DataDog RUM with session replay recording enabled (sessionReplaySampleRate: 20, defaultPrivacyLevel: 'mask-user-input'), Adobe DTM loaded via assets.adobedtm.com, Google Tag Manager, AppDynamics browser agent, and a Facebook Connect script loaded from connect.facebook.net, alongside an OneTrust cookie consent management platform (data-domain-script: 143d5191-c678-49f6-8ac0-376dfe324de7).— Excerpt from Thomson Reuters's Thomson Reuters Terms
(1) REGULATORY LANDSCAPE: The deployment of session replay technology engages GDPR Articles 5, 6, and 13 for EU/EEA users, requiring a lawful basis for processing and transparent disclosure in a privacy notice. The UK GDPR imposes equivalent obligations. CCPA and CPRA apply to California residents, requiring disclosure of data sharing with third parties and honoring opt-out rights for sale or sharing of personal information. The Facebook Connect script may constitute sharing of personal data with Meta for cross-context behavioral advertising purposes under CPRA, which requires a mechanism for consumers to opt out. The FTC and relevant EU supervisory authorities are the primary enforcement bodies. The ICO enforces UK GDPR compliance. (2) GOVERNANCE EXPOSURE: High for EU, UK, and California-specific compliance. Session replay tools that capture user interaction data, even with input masking, may constitute processing of personal data under GDPR if users are identifiable. The deployment of Meta tracking pixels on a business-to-business information services site raises questions about the necessity and proportionality of that data sharing under GDPR's data minimization principle. (3) JURISDICTION FLAGS: EU and EEA users have the strongest protections under GDPR, requiring valid consent for non-essential cookies and tracking. California residents have CPRA opt-out rights for sharing of personal information with advertising platforms. Illinois BIPA may be relevant if any biometric or behavioral pattern data is captured through session replay. UK GDPR mirrors GDPR obligations post-Brexit. (4) CONTRACT AND VENDOR IMPLICATIONS: Legal teams should confirm that DataDog, Adobe, AppDynamics, and Meta have valid Data Processing Agreements in place under GDPR Article 28. The transfer of personal data to US-based processors requires either Standard Contractual Clauses or another valid transfer mechanism under GDPR Chapter V. The OneTrust configuration should be audited to ensure DataDog session replay and Facebook Connect are correctly categorized as non-essential and gated behind appropriate consent categories. (5) COMPLIANCE CONSIDERATIONS: A full cookie audit should be conducted to confirm all active trackers are disclosed in the cookie policy and correctly mapped to OneTrust consent categories. The session replay tool's privacy level setting ('mask-user-input') should be verified as adequate for GDPR compliance. Data retention schedules for session replay data should be established and documented. California-specific CPRA notices should address the Meta pixel data sharing. Any records of processing activities under GDPR Article 30 should include all identified trackers.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Netflix updated its Privacy Statement on April 18, 2026, disclosing voice recording collection and expanded household ad profiling for the first time.
Google's Privacy Policy covers Search, Gmail, YouTube, Maps, and every site running Google Analytics. Here is what it actually authorizes.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Session replay technology can capture detailed behavioral data including mouse movements, clicks, and potentially form field interactions, which goes beyond standard analytics; the presence of Facebook tracking also means browsing behavior may be shared with Meta for advertising purposes.
Visitors to thomsonreuters.com may have their browsing session recorded and replayed by DataDog's RUM tool, and their behavior may be shared with third parties including Meta via the Facebook Connect script, depending on cookie consent selections. EU and UK users have consent rights under GDPR and UK GDPR that may limit this tracking, and the OneTrust tool on the site …
ConductAtlas has identified this type of provision across 1 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Thomson Reuters.