What are the institutional and regulatory implications of this document?

1. REGULATORY LANDSCAPE: This policy engages GDPR (EU Regulation 2016/679) enforced by EU data protection authorities including national supervisory authorities and the Irish Data Protection Commission where Udemy maintains EU establishment; CCPA and CPRA enforced by the California Privacy Protection Agency and California Attorney General; FERPA where Udemy for Business or institutional licensing involves student educational records; and FTC Act Section 5 for unfair or deceptive data practices …

How does Udemy's Udemy Privacy Policy affect users?

The agreement establishes that Udemy collects identifiers, device information, learning activity, payment data, and usage analytics from all users, and authorizes sharing with advertising, analytics, and third-party service providers for platform operation and marketing purposes. Under these terms, user learning behavior and engagement data may be used for personalized advertising and course recommendations, with cross-context behavioral advertising subject to opt-out for California residents. …

How often is Udemy's Udemy Privacy Policy updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when Udemy updates this document?

Yes. Monitor subscribers ($19/month) can add Udemy to their watchlist and receive same-day email alerts whenever this document or any other Udemy document changes.

CA-D-000164

Udemy Privacy Policy

Udemy

Last change detected May 31, 2026 Privacy policy

SHA-256: a1993e26a39a1034b1e… 4 versions captured 3 changes documented

Create free account

Track 1 platform and get the weekly governance digest. No credit card required.

View original document at Udemy ↗

This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology

7 Total

1 High severity

6 Medium severity

0 Low severity

Summary

Udemy's privacy policy governs how the platform collects and uses personal data from learners, instructors, and visitors across its online course marketplace and mobile apps. The policy authorizes collection of identifiers, browsing and course activity data, device information, and payment details, and permits sharing of this data with advertising, analytics, and business partners, including for targeted advertising purposes. California residents and EU users are granted specific rights including access, deletion, and opt-out of data sale or sharing for cross-context behavioral advertising, exercisable through account settings or a designated privacy request process.

Technical / Legal Breakdown

This document is Udemy's privacy policy governing the collection, use, storage, and disclosure of personal data by Udemy Inc. and its affiliates across the udemy.com platform and associated mobile applications, establishing the legal basis for data processing under applicable frameworks including GDPR, CCPA, and FERPA where relevant. The policy states that Udemy collects identifiers, device information, course progress and activity data, payment information, communications content, and usage analytics, and the terms authorize sharing of this data with advertising partners, analytics providers, payment processors, corporate affiliates, and third-party service providers. The policy reserves the right to use personal data including learning activity and behavioral data for personalization, marketing, and platform improvement purposes, and the terms authorize cross-context behavioral advertising subject to opt-out mechanisms disclosed for California residents. The policy engages GDPR for EU and EEA users, CCPA and CPRA for California residents, FERPA for educational records contexts involving institutional customers, and FTC Act consumer protection standards; applicable law in these jurisdictions may constrain certain data uses asserted in the policy beyond what the document text alone establishes. Material compliance considerations include the scope of data sharing with third-party advertising and analytics partners, the adequacy of consent mechanisms for cross-border data transfers, and the policy's application to Udemy for Business enterprise accounts where institutional data handling obligations may differ from consumer-facing terms.

Institutional Analysis

Institutional analysis available with Compliance

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.

Start Compliance free trial

3 important changes detected

4 versions captured · Last updated: May 2026

May 31, 2026

low

What changed Udemy updated the last-updated date in its Privacy Policy from April 21, 2026 to May 29, 2026. This is a metadata change to the document timestamp and does not reflect substantive modifications to the privacy terms, rights, or data practices described in the policy itself.

Why this matters The updated timestamp does not indicate a substantive change to Udemy's privacy practices, data collection, retention, or user rights. The policy continues to apply as previously stated. No action is required on the user's part.

View full change record →

April 22, 2026

low

What changed Udemy added a comprehensive preamble to its Privacy Policy on April 22, 2026, introducing the policy's scope and purpose. The new language states that Udemy respects user privacy and explains how data is collected, used, and shared. It clarifies that the policy applies to Udemy websites, mobile apps, APIs, and related services, and also covers prospective customers and Udemy Business users, with a separate privacy statement available for enterprise program participants.

Why this matters Udemy added introductory language to its Privacy Policy clarifying what the policy covers and how it applies across different Udemy services and customer types. This is primarily a transparency and organizational change that helps users understand the scope of the policy rather than a substantive change to data practices. No material change to user rights, data handling practices, or consent requirements is evident from the added language.

View full change record →

April 19, 2026 low

The Udemy Privacy Policy was updated on April 19, 2026, with one sentence modified in the document footer. The update changed the stated last-updated date from April 21, 2026 to …

View change record →

Recent Provision Changes May 31, 2026

Added (3)

Personal Data Collection Scope Medium

New provision addressing what categories of personal data are collected, indicating expanded transparency requirements around data collection practices.

EU and EEA Data Subject Rights (GDPR) Medium

New provision establishing explicit GDPR compliance and EU/EEA user rights, representing heightened regulatory focus on European data protection.

Cookies and Tracking Technologies Medium

New dedicated provision on tracking technologies, suggesting clearer disclosure of cookie usage and tracking consent mechanisms.

Removed (4)

Data Sharing in Merger or Acquisition

Removal of explicit M&A data transfer disclosure may indicate integration into broader data handling provisions or reduced transparency around transaction-related data transfers.

Cross-Border Data Transfers (EU-U.S. Data Privacy Framework)

Removal of specific DPF certification language may indicate outdated framework reliance or integration into the new GDPR provision, potentially obscuring international data transfer compliance mechanisms.

Children's Privacy and Age Restriction

Removal of explicit children's privacy protections and age restriction (16+) disclosure reduces transparency about child data handling and removes direct contact information for privacy concerns.

Instructor Data Access

Removal of explicit instructor data access disclosure reduces user clarity about what learning data is visible to instructors within the platform.

Modified (4)

Third-Party Advertising and Analytics Data Sharing

Severity escalated from medium to high, and excerpt content removed from current version (text not provided).

California Resident Privacy Rights (CCPA/CPRA)

Provision name updated from 'California CCPA/CPRA Rights' to 'California Resident Privacy Rights (CCPA/CPRA)' and excerpt content removed.

Data Retention

Excerpt content removed in current version while maintaining the same provision name and severity.

Udemy for Business Data Handling

Provision renamed from 'Udemy Business Employer Data Sharing' to 'Udemy for Business Data Handling' and severity reduced from high to medium with excerpt removed.

View full change record →

High — 1 provision

Third-Party Advertising and Analytics Data Sharing Compare →

The policy authorizes sharing of user personal data including identifiers, device information, and behavioral data with advertising partners, analytics providers, and other third-party service providers for purposes including targeted advertising and platform analytics.

Added May 11, 2026 Standard Seen across 284 platforms

Medium — 6 provisions

Personal Data Collection Scope Compare →

The policy discloses that Udemy collects identifiers, device information, course activity and progress data, payment information, communications content, and usage analytics from users of the platform and mobile applications.

Added May 21, 2026 Standard Seen across 284 platforms
California Resident Privacy Rights (CCPA/CPRA) Compare →

The policy discloses rights available to California residents under CCPA and CPRA, including the right to know, access, delete, correct, and opt out of the sale or sharing of personal information, with a designated submission process for privacy requests.

Added May 21, 2026 Standard Seen across 284 platforms
EU and EEA Data Subject Rights (GDPR) Compare →

The policy discloses rights available to EU and EEA users under GDPR, including rights to access, rectification, erasure, restriction of processing, data portability, and objection, along with a contact mechanism for exercising these rights.

Added May 21, 2026 Standard Seen across 284 platforms
Cookies and Tracking Technologies Compare →

The policy discloses that Udemy uses cookies, pixel tags, web beacons, and similar tracking technologies to collect device and behavioral data, and provides a cookie management mechanism for users to control certain tracking preferences.

Added May 21, 2026 Standard Seen across 284 platforms
Udemy for Business Data Handling Compare →

The policy addresses data processing in the context of Udemy for Business enterprise accounts, where the enterprise customer may act as data controller and Udemy as data processor, with data handling obligations potentially governed by a separate data processing agreement.

Added May 21, 2026 Standard Seen across 284 platforms
Data Retention Compare →

The policy discloses that Udemy retains personal data for as long as necessary to fulfill the purposes described in the policy, including legal and business purposes, with specific retention periods varying by data category.

Added May 11, 2026 Standard Seen across 284 platforms

Monitoring

Udemy has updated this document before.

Monitor includes same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Start Monitor free trial Or create a free account →

Compliance Governance Intelligence

Need provision-level monitoring and regulatory mapping?

Compliance includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.

Start Compliance free trial

Cross-platform context

See how other platforms handle Behavioral Advertising Data Sharing and similar clauses.

Compare across platforms →

Archival ProvenanceSource & Archival Record

Last Captured May 31, 2026 06:54 UTC

Capture Method Automated scheduled archival capture

Document ID CA-D-000164

Version ID CA-V-003218

Source URL https://www.udemy.com/terms/privacy/

Wayback Machine View external archival references →

SHA-256 a1993e26a39a1034b1ebd93e99195dcb61afa794839a71078e457fce0b843e3a

✓ Snapshot stored ✓ Text extracted ✓ Change verified ✓ Hash verified

Udemy Privacy Policy

May 31, 2026

April 22, 2026

Recent Provision Changes May 31, 2026

Monitor governance changes across the platforms you rely on.