If Udemy is sold, merges with another company, or goes through bankruptcy, your personal data could be transferred to the new owner, who would then govern it under their own privacy policy.
This analysis describes what Udemy's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
A change in corporate ownership could result in your data being governed by a materially different privacy policy, potentially with broader data-use rights than you originally agreed to.
Removal of explicit M&A data transfer disclosure may indicate integration into broader data handling provisions or reduced transparency around transaction-related data transfers.
View full change record →This provision means that in a corporate transaction, your personal data including account, payment, and learning history could pass to a new entity, and the protections you rely on today may change after such a transfer.
How other platforms handle this
We may share your personal information with our affiliates, meaning entities that control, are controlled by, or are under common control with Consensys. We also share information with service providers who assist in operating our services, subject to confidentiality obligations.
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
Loyalty and partner program companies. We share information with our loyalty and partner program companies, like Ulta Beauty and Marriott.
Monitoring
Udemy has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"If Udemy is involved in a merger, acquisition, asset sale, or bankruptcy proceeding, your personal data may be transferred as part of that transaction. In the event of such a transaction, we will provide notice before your personal data is transferred and becomes subject to a different privacy policy.— Excerpt from Udemy's Udemy Privacy Policy
1. REGULATORY LANDSCAPE: Under GDPR, transfer of personal data in a corporate transaction requires a lawful basis for the new processing entity; the policy's notice commitment is a positive step but does not itself establish a GDPR-compliant transfer mechanism. The FTC has previously taken enforcement action regarding acquisitions where post-merger data use exceeded what users originally consented to (FTC v. Facebook/WhatsApp being a frequently cited context, though not directly binding on Udemy). CCPA requires that the acquiring entity honor opt-out and deletion requests made prior to the transaction. 2. GOVERNANCE EXPOSURE: Medium. This is a standard clause in most platform privacy policies, but its practical impact depends on the acquirer's data governance practices. The policy's commitment to provide notice before transfer is a meaningful transparency obligation, though it does not grant users a right to prevent the transfer or delete their data prior to it. 3. JURISDICTION FLAGS: EU/EEA users have the strongest protections, as GDPR requires that any new controller establish an independent lawful basis and, where processing materially changes, provide updated Article 13/14 notices. California residents retain CCPA rights against the acquiring entity. Users in jurisdictions without comprehensive privacy law have the least recourse if the acquirer changes data practices post-transaction. 4. CONTRACT AND VENDOR IMPLICATIONS: Enterprise clients and B2B partners should review whether their DPAs with Udemy include provisions governing assignment of the agreement in a change-of-control scenario, and whether successor entities are required to honor existing DPA terms. Due diligence in a potential acquisition of Udemy would include assessment of outstanding data subject requests, regulatory investigations, and the scope of personal data held. 5. COMPLIANCE CONSIDERATIONS: Organizations relying on Udemy for enterprise learning should monitor for any announced corporate transactions involving Udemy and review updated privacy terms promptly. Compliance teams should confirm whether existing DPAs and data transfer mechanisms remain valid following any such transaction.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them to separate documents.
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do right now.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
A change in corporate ownership could result in your data being governed by a materially different privacy policy, potentially with broader data-use rights than you originally agreed to.
This provision means that in a corporate transaction, your personal data including account, payment, and learning history could pass to a new entity, and the protections you rely on today may change after such a transfer.
ConductAtlas has identified this type of provision across 1 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Udemy.