• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

Connecting Researchers and Research

Sign in/Register
  • About
        • Our Mission
          • 2025 Vision
          • ORCID Trust
          • Annual Reports
        • Team
          • ORCID Board
          • ORCID Team
          • Work with Us!
        • Services
          • Member Portal
          • Annual data files
          • Member API
          • Public API
          • ORCID Registry
        • Governance
          • Bylaws
          • Board Elections
        • Policies
          • Privacy Policy
          • Dispute Procedures
          • Public Client Terms of Service
          • Open Source Project License
          • Public Data File Use Policy
          • Terms of Use
          • Brand Guidelines
  • For Researchers
        • Benefits for Researchers
        • Researcher FAQ
        • Video Tutorials
        • Sign in / Register
        • Get Help
  • Membership
        • Membership Benefits
          • Benefits for Funders
          • Benefits for Publishers
          • Benefits for Research Organizations
          • Benefits for Research Resources
        • Get Membership
        • Member List
        • ORCID Map
        • Membership Comparison
          • Basic Membership
          • Premium Membership
          • ORCID Consortia
        • ORCID Consortia
          • Consortia Agreement
          • Consortia Onboarding Checklist
          • Roles and Responsibilities of ORCID Consortia
  • Documentation
        • Features
          • Member Portal
          • Member API
          • Public API
          • ORCID Registry
          • Annual Data Files
        • Workflows
          • Journal Articles
          • Employment
          • Peer Review
          • Funder and Grants
          • View More
        • Integration Guide
          • Getting Started with Your Integration
          • Sandbox Testing Server
          • Registering a Member API Client
          • Integration and API FAQ
          • View More
        • API Tutorials
          • Get an Authenticated ORCID iD
          • Read Data on a Record
          • Add and Update Data on an ORCID record
          • Hands On with the ORCID API
          • View More
  • Resources
        • ORCID Community
        • Community Programs
          • Certified Service Providers
          • ORCID API Users Group
          • Historical Task Forces, Working Groups, and Steering Groups
        • Get Involved
          • Community Groups
          • Developers
          • Give Feedback
          • ORCID API Users Group
        • Member Resources
          • ORCID Enabled Systems
          • Publishers Open Letter
          • Funders Open Letter
          • Standard Member Agreement
          • Outreach Resources
          • Register a Sandbox API Client
          • Register a Production API Client
  • News & Events
        • News
          • ORCID News
          • Member News
          • Consortia News
          • Integration News
          • Blog
          • Release Notes
        • Events
          • Events Calendar
          • Webinars

Privacy and User Control; Always Top of Mind

March 6, 2020 By Will Simpson

Will Simpson

Privacy and individual control are founding principles of ORCID, and remain a point of focus with both ORCID Members and researchers alike. We continually work to improve the clarity, completeness, and robustness of our privacy policy. As the ORCID Registry grows (not only the number of actual records, but the volume of integrations and assertions associated with them), we are better able to learn about how the registry is used and continually adjust our approach to stay ahead of the latest in data protection practices.

Each year our policy and practices are reviewed against assessment criteria of the EU-U.S. and Swiss-U.S. Privacy Shield Verification Program. TRUSTe has provided a letter of attestation again this year. Here’s what’s new in our privacy policy this year:

Affiliation end dates

As you are probably aware, the ORCID record contains a section for affiliations, including the record holder’s employment at an organization.

If the record holder’s employer is an ORCID member, that organization may post employment affiliation directly to that record if they are granted permission by the record holder to do so. Not only is this convenient and time-saving for the record holder, but by asserting current employment, the member organization builds upon the usefulness of the record by increasing the interoperability of the data.

However, if the record holder revokes permission that was originally granted to post the affiliation before the end of their employment, the member will be unable to update the end date. Therefore, it looks as if the record holder is still employed by the organization when in fact they are not.

Even though this sequence of events is rare in practice, that it is possible at all erodes trust in the assertions, and therefore their usefulness to end users.

So, we have updated the privacy policy to allow member organizations to update data that they added to your record, even if the permission has been revoked. There are still technical details for us to work out, and we’ll be working on the user interface to make sure ORCID record holders are informed and able to make the right choices for them.

Single Sign On

Last year we launched our implementation of OpenID Connect, which opened the door to integrators using ORCID as a sign in mechanism to their systems, using the same standards and software used to implement sign in with Google, Twitter, and other social media platforms.

When you use sign on with social media, it is normal for your email address to be passed to the system you are signing into. However, most ORCID users have their email address set to ‘only me’ visibility. This means that we can’t pass it to the system that you are signing in to.

The OpenID Connect standard does not require email address to be released, but this is a case where common practice diverges wildly from the specification. Many tools and systems expect the email address to be there and fail if it is not. Yes, integrators should be able to use the ORCID iD instead of email as an identifier, but in practice they do not. This has led to some highly undesirable behavior, such as integrators asking users to make their email address public so that they can use sign in with ORCID.

So, we updated the privacy policy to allow the user to grant permission to release their email address to a specific organization, even if it is marked as ‘only me’. We have not implemented this feature yet, but when we do we’ll always ask the user for explicit permission to release the email address in this way.

Other changes

There were some other changes to the policy for clarification and completeness.

  • We added mailing lists to the list of systems covered by the policy (throughout the policy)
  • Clarified the meaning of corporate reorganization (section 6.5)
  • Stated reason for keeping cryptographic hash of email address after record deactivation (section 7.0)

If you have any questions or concerns about ORCID’s privacy policy or these changes, please let us know.

Blog

Filed Under: News, ORCID News

Primary Sidebar

Search

Sign up for blog updates

We will only use your email to notify you when we have new blog posts. You can unsubscribe at any time. See our Privacy Policy for more information.

Check your inbox or spam folder to confirm your subscription.

Recent Posts

  • 2020: A Look Back As We Venture Forward
  • New Integration – GIST
  • New Integration – University of Victoria
  • New Integration – Vidatum Technologies
  • New Integration – Mendel University in Brno

Blog Posts by Category

  • Consortia News (39)
  • Integration News (48)
  • Member News (30)
  • News (429)
  • ORCID News (192)
  • Release Notes (74)
ORCID logo

CC0 The text of this website is published under a CC0 license Images and marks are subject to copyright and trademark protection.

  • About ORCID
  • Privacy Policy
  • Terms of Use
  • Accessibility Statement
  • Contact us
  • Dispute procedures
  • Brand Guidelines
ORCID uses cookies to improve your experience and to help us understand how you use our websites. Learn more about how we use cookies. Dismiss