Researcher control of the access to their own data is a fundamental principle of ORCID: "Researchers control the defined visibility settings of their own ORCID record data."
ORCID provides you three settings:
Information marked as public or everyone can be viewed by anyone who comes to the orcid.org website or consumed by anyone using the ORCID public API. Data marked as public will also be included in the public data file posted annually by ORCID.
Information marked as Trusted parties can be seen by any trusted parties that you have authorized to connect to your ORCID record. These connections require explicit action on your part. You will be asked if you would like to make a specific connection, and once you have confirmed, the trusted party will be able to see information that you have marked as trusted party access in addition to the information marked public. See trusted organizations for more information about trusted parties.
Information marked as private or only me can only be seen by you. It is also used by ORCID algorithms to help distinguish your identity from another person who may have a similar name, be in a similar field, or may be confused with you for other reasons. This information is not shared with others.