What are the institutional and regulatory implications of this document?

REGULATORY LANDSCAPE: The policy engages GDPR and the UK GDPR for EEA and UK users, the CCPA and CPRA for California residents, and references FERPA applicability in the context of institutional and campus arrangements where Coursera may operate as a school official or service provider to educational institutions. The FTC Act is relevant to general consumer data practices. Where Coursera shares learner performance data with Content Providers or enterprise customers, the lawful basis for such sh…

How does Coursera's Coursera Privacy Notice affect users?

The agreement authorizes Coursera to share learner identifiers, course enrollment, progress, and completion data with Content Providers whose courses a user takes, and with enterprise or campus customers who have provided platform access to that user. Under these terms, users enrolled through an employer or educational institution may have their learning activity and assessment performance disclosed to that sponsoring organization. You can manage certain marketing and advertising preferences th…

How often is Coursera's Coursera Privacy Notice updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when Coursera updates this document?

Yes. Monitor subscribers ($19/month) can add Coursera to their watchlist and receive same-day email alerts whenever this document or any other Coursera document changes.

CA-D-000158

Coursera Privacy Notice

Coursera

Last change detected May 11, 2026 Privacy policy

SHA-256: 55aa6fed8cf51c41c9a… 6 versions captured 6 changes documented

Create free account

Track 1 platform and get the weekly governance digest. No credit card required.

View original document at Coursera ↗

This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology

8 Total

1 High severity

5 Medium severity

2 Low severity

Summary

Coursera's Privacy Notice describes how the platform collects and uses personal data from learners, instructors, and visitors, including name, contact details, payment information, course enrollment and completion data, assessment results, and device and usage information. The terms authorize sharing learner activity data, including course progress and completion status, with Content Providers (the universities and companies whose courses users take) and with enterprise or campus customers who have sponsored a user's access, meaning institutional sponsors may receive information about individual learner activity. The policy also states that Coursera uses personal data for marketing and advertising purposes and may share data with third-party advertising and analytics partners, with opt-out mechanisms available for certain uses.

Technical / Legal Breakdown

This document is Coursera's Privacy Notice, governing the collection, use, storage, and disclosure of personal data for users of the Coursera online learning platform, with stated legal bases including consent, contractual necessity, and legitimate interests depending on jurisdiction. The policy states that Coursera collects identifiers, contact information, payment data, demographic information, educational history, learning activity and performance data, device and browser information, location data, and communications content; the terms authorize sharing this data with Content Providers (universities and companies offering courses), enterprise customers, business partners, service providers, and in certain contexts, advertising and analytics partners. The policy discloses that learning activity, course performance, and profile information may be shared with Content Providers and enterprise or campus customers without a separate opt-in, which is operationally significant for users enrolled through institutional arrangements, as the agreement states that employers or educational institutions sponsoring access may receive information about learner activity and completion. The policy references GDPR applicability for EEA users, CCPA/CPRA rights for California residents, and FERPA considerations for student records in institutional contexts, with the document stating specific rights frameworks apply depending on the user's jurisdiction. Enterprise and campus license arrangements create layered data-sharing obligations that may require evaluation under both FERPA and GDPR depending on institutional geography and user population.

Institutional Analysis

Institutional analysis available with Compliance

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.

Start Compliance free trial

6 important changes detected

6 versions captured · Last updated: May 2026

May 11, 2026

low

What changed Coursera's Privacy Notice footer was updated on May 11, 2026 to include a new link labeled 'Do Not Sell/Share' in the footer navigation. This addition appeared between the 'Modern Slavery Statement' link and the 'Learn Anywhere' section. The change makes a consumer rights mechanism more prominent at the page level, though the underlying policy language and operational effect of this mechanism are not detailed in the change summary provided.

Why this matters Coursera added a 'Do Not Sell/Share' link to the footer of its Privacy Notice, making this consumer opt-out mechanism more accessible at the page level. The updated footer now includes this link alongside other legal and compliance resources. The change itself does not modify the underlying data practices or privacy rights, but rather makes an existing or newly available opt-out mechanism more visible to users.

View full change record →

May 11, 2026

medium

What changed Coursera updated its Privacy Notice on May 11, 2026 to clarify data collection and processing practices. The updated language expands descriptions of third-party data sources (now explicitly naming affiliates and business partners), adds detail about voice-enabled communications features and audio transcription capabilities, and broadens language describing AI-driven personalization and chatbot applications. The policy now explicitly mentions processing communications via text and voice, and clarifies that data may be shared with entities that become affiliates or subsidiaries during business transitions.

Why this matters The updated terms now explicitly disclose that Coursera processes communications through voice-enabled features that transcribe audio into text, and clarify that personal data may be shared with third parties including affiliates and business partners. The policy expands descriptions of AI-driven personalization and chatbot applications that use your learning and interaction data. The terms establish that data may be transferred to entities that become Coursera affiliates or subsidiaries during business transitions. You should review the updated guidance that cautions against including unnecessary or sensitive personal data in the platform's free-text and voice-enabled communication features.

View full change record →

May 7, 2026 low

Coursera's Privacy Notice footer was updated on May 7, 2026 to add a 'Cookies Preference Center' link. This change makes it easier for users to manage their cookie preferences directly …

View change record →

May 6, 2026 low

Coursera updated its Privacy Notice on May 6, 2026 to clarify that the main privacy policy does not cover the Ollie mobile application. Two new sentences were added directing Ollie …

View change record →

April 19, 2026 low

Coursera's privacy notice footer was updated on April 19, 2026 to add a link labeled 'Do Not Sell/Share' in the footer navigation. This link appears to relate to consumer privacy …

View change record →

April 18, 2026 medium

Coursera removed two sentences from its Privacy Notice that previously stated the policy did not apply to its Ollie mobile application and directed users to a separate Ollie Privacy Notice. …

View change record →

High — 1 provision

Enterprise and Campus Customer Data Disclosure Compare →

The policy states that when access is sponsored by an employer or educational institution, Coursera may share the user's name, enrollment records, course progress, completion status, and assessment performance with that sponsoring organization.

Added May 21, 2026 Standard Seen across 252 platforms

Medium — 5 provisions

Learner Data Sharing with Content Providers Compare →

The policy states that when a user enrolls in a course, Coursera shares the user's name, email address, enrollment status, course activity, and completion data with the university or company that created and offers that course.

Added May 21, 2026 Standard Seen across 252 platforms
Advertising and Analytics Data Sharing Compare →

The policy states that Coursera uses third-party advertising and analytics technologies that collect device identifiers, browsing activity, and interaction data across Coursera's services and potentially other websites via cookies and similar tracking tools.

Added May 10, 2026 Standard Seen across 252 platforms
California Resident Rights and Opt-Out Compare →

The policy states that California residents have rights under CCPA and CPRA including the right to know, delete, opt out of sale or sharing, and receive non-discriminatory treatment, exercisable through Coursera's privacy request mechanisms.

Added May 21, 2026 Standard Seen across 284 platforms
GDPR Rights for EEA and UK Users Compare →

The policy states that EEA and UK users have GDPR and UK GDPR rights including access, correction, deletion, restriction, objection, and portability, and may lodge complaints with their local data protection supervisory authority.

Added May 21, 2026 Standard Seen across 284 platforms
Data Retention Compare →

The policy states that Coursera retains personal data for the duration necessary to deliver services and as required for legal compliance, financial record-keeping, dispute resolution, security, fraud prevention, and contract enforcement, without specifying fixed retention periods for most data categories.

Added April 18, 2026 Standard Seen across 284 platforms

Low — 2 provisions

Age Restriction and Children's Privacy Compare →

The policy states that Coursera prohibits registration by users under 13, does not knowingly collect personal data from this age group, and states it will remove data collected from under-13 users upon discovery.

Added May 21, 2026 Standard Seen across 284 platforms
Data Security Compare →

The policy states that Coursera implements technical and organizational security measures for personal data but acknowledges that no internet transmission or electronic storage method is fully secure.

Added May 21, 2026 Standard Seen across 284 platforms