The policy states that when a user enrolls in a course, Coursera shares the user's name, email address, enrollment status, course activity, and completion data with the university or company that created and offers that course.
This analysis describes what Coursera's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision establishes a routine data disclosure to third-party Content Providers as a function of course enrollment, without requiring a separate opt-in at the time of enrollment. Compliance teams should evaluate whether this disclosure satisfies applicable lawful basis requirements under GDPR and whether it constitutes an educational record disclosure with FERPA implications in institutional contexts.
The updated terms now explicitly disclose that Coursera processes communications through voice-enabled features that transcribe audio into text, and clarify that personal data may be shared with third parties including affiliates and business partners. The policy expands descriptions of AI-driven personalization and chatbot applications that use your learning and interaction data. The terms establish that data may be transferred to entities that become Coursera affiliates or subsidiaries during business transitions. You should review the updated guidance that cautions against including unnecessary or sensitive personal data in the platform's free-text and voice-enabled communication features.
View change record →The updated Privacy Notice removes explicit language stating that the policy does not apply to Coursera's Ollie mobile application and no longer directs users to a separate Ollie Privacy Notice for that app. Previously, users of Ollie had clear notice to consult a dedicated privacy policy; that direction is now absent from the main Privacy Notice. The updated notice also narrows the scope of covered entities by removing 'affiliates' from the definition of Coursera, stating the policy now applies to Coursera, Inc., its subsidiaries, and international branches only. Users of the Ollie App should independently verify what privacy terms currently govern that application, as the main Coursera Privacy Notice no longer explicitly addresses Ollie coverage.
View change record →Under this provision, enrolling in any course on Coursera authorizes the disclosure of the user's name, email, and learning activity to the third-party institution or company that created that course. The agreement does not establish a separate consent mechanism for this disclosure at the point of enrollment.
How other platforms handle this
We may share your personal information with our affiliates, meaning entities that control, are controlled by, or are under common control with Consensys. We also share information with service providers who assist in operating our services, subject to confidentiality obligations.
We may also share your personal information with third parties that assist us in providing our services, or where we are under an obligation to report to. But rest assured: we will only ever share your personal information in the limited circumstances described in this Policy.
We may share your personal information with third parties in the following circumstances: With service providers who perform services on our behalf, such as data analytics, marketing, customer service, and technology services. With financial partners, including banks, brokerage firms, and payment pr...
Monitoring
Coursera has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"When you enroll in and participate in a course or program, we share information about you with the Content Provider that offers the course or program. This may include information like your name, email address, course enrollment and activity, course completion, and other information related to your participation in the course or program.— Excerpt from Coursera's Coursera Privacy Notice
REGULATORY LANDSCAPE: This provision implicates GDPR Article 6 lawful basis requirements for EEA users and FERPA where the Content Provider or the learner's sponsoring institution qualifies as an educational agency. The FTC Act applies to the adequacy of consumer notice. Where Content Providers are located outside the EEA, cross-border data transfer mechanisms under GDPR Chapter V may be required. GOVERNANCE EXPOSURE: Medium. The disclosure of identifiable learner data to Content Providers is a core operational function, but the absence of a separately documented opt-in or granular consent at enrollment creates potential tension with GDPR transparency and lawful basis requirements for EEA users. FERPA compliance depends on whether Content Providers are categorized as school officials with legitimate educational interest. JURISDICTION FLAGS: EEA and UK users face heightened exposure given GDPR requirements for clearly documented lawful bases and adequate third-party transfer mechanisms. US users enrolled through campus or enterprise programs may have FERPA-protected records implicated. California users should assess whether this disclosure constitutes sharing under CPRA. CONTRACT AND VENDOR IMPLICATIONS: Procurement teams deploying Coursera in enterprise or institutional contexts should confirm whether data processing agreements between Coursera and Content Providers satisfy GDPR Article 28 requirements. The liability allocation for Content Provider misuse of disclosed learner data should be reviewed in institutional contracts. COMPLIANCE CONSIDERATIONS: Legal teams should map which Content Providers receive data, confirm transfer mechanisms for cross-border disclosures, and assess whether enrollment-time notice satisfies applicable transparency requirements. Institutions should document whether Content Provider data receipt qualifies under a FERPA exception.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 10 platforms + same-day alerts. No credit card required.
ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them to separate documents.
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do right now.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision establishes a routine data disclosure to third-party Content Providers as a function of course enrollment, without requiring a separate opt-in at the time of enrollment. Compliance teams should evaluate whether this disclosure satisfies applicable lawful basis requirements under GDPR and whether it constitutes an educational record disclosure with FERPA implications in institutional contexts.
Under this provision, enrolling in any course on Coursera authorizes the disclosure of the user's name, email, and learning activity to the third-party institution or company that created that course. The agreement does not establish a separate consent mechanism for this disclosure at the point of enrollment.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Coursera.