Many of you will have noted the recent ruling by the Court of Justice of the European Union (CJEU), which decided that the Safe Harbour agreement, which was concerned with the transmission of personal data to the US, was invalid. Are there any implications of this for UK organisations joining ORCID through the Jisc national consortium, and using the data and services offered as part of that membership? The short answer is, no. As Laure Haak of ORCID notes:
“As a non-profit organization, ORCID was not eligible to formally participate in the Safe Harbor program. Instead of relying on self-certification under that program, we have gone through additional scrutiny by our European colleagues to ensure that our privacy policies are in line with European privacy requirements. In addition, we undergo an annual review and certification of our privacy policy and practices by an independent third party.”
Institutions as data controllers have a responsibility to ensure an adequate level of protection for the data they share with ORCID, and guidance from the UK Information Commissioner’s Office and European data protection authorities will be issued shortly. However, because researchers expressly opt in to ORCID’s privacy practices when they create an ORCID record, and because ORCID’s system does not collect or store personally sensitive information, it is very unlikely that the CJEU ruling changes how universities should engage with ORCID.
