ORCID Privacy FAQ

Table of Contents

• What is ORCID, and why should I use it?
• Who owns my ORCID record?
• Where is my ORCID data stored?
• Does Canadian privacy law apply here?
• Can ORCID share my sensitive research data?
• Who can see my information?
• What permissions does the University of Waterloo request?
• What if I no longer want to use ORCID?
• Is ORCID widely trusted?

What is ORCID, and why should I use it?

ORCID provides researchers with a unique digital identifier that connects their publications, grants, and professional activities, reducing administrative burden and improving research visibility.

Who owns my ORCID record?

You do. Researchers create and control their own records. ORCID is a nonprofit organization, independent of publishers and funders.

Additionally, ORCID clearly states “we do not sell your personal information, nor do we share any data with direct marketers ”.

Where is my ORCID data stored?

ORCID is based in the U.S., but it follows strict international privacy standards (including GDPR, the EU’s privacy regulation, which is stricter than Canadian law).
More information on the ORCID Privacy Policy / Data Protection.

Does Canadian privacy law apply here?

The University of Waterloo is subject to Ontario’s FIPPA (Freedom of Information and Protection of Privacy Act). While ORCID itself isn’t Canadian, it complies with global best practices (GDPR) that meet or exceed Canadian standards for transparency and control. More information on the ORCID Privacy Policy / Privacy Rights.

Can ORCID share my sensitive research data?

No. ORCID will never share your information without your consent. ORCID is built with multiple safeguards: you control what information is added, you set the visibility for each item (public, trusted parties, or private), and you can change or delete entri es at any time. The system complies with strict international privacy standards (including GDPR), and no institution or publisher can add or access private information without your permission.

That said, ORCID is meant for professional metadata (affiliations, publications, grants, etc.), not raw or confidential research findings. The safeguards are there to protect your identity and scholarly record, but truly sensitive data (such as the identities of human subjects) should remain in secure research environments.

Who can see my information?

You decide. Every item in your ORCID record can be marked as:

• Everyone (public)
• Trusted parties only (e.g., your institution, if you grant permission)
• Only me (private)

What permissions does the University of Waterloo request?

The University requests permission to:

• Add/update information about you.
• Add/update your research activities.
• Get your ORCID iD.
• Read your information with visibility set to Trusted Parties.

We cannot see private data or push information without your consent.
The University can update or edit record items that it has added. However, the University cannot alter the content of your publications or remove anything you or another trusted organization have added.

What if I no longer want to use ORCID?

You can revoke permissions at any time and even delete your account permanently.

• Information on how to revoke a trusted organization.
• Information on how to deactivate your account.

Is ORCID widely trusted?

Yes. ORCID is used by thousands of institutions, publishers, and funders worldwide, including many in Canada and Europe, where data protection laws are particularly strong.
Here is a list of journals and publishers that require ORCID.