Researcher control is a core ORCID principle, so email addresses registered and added to the ORCID record are set as visible to the record holder only by default. Researchers must choose to set their email address as accessible to everyone (i.e. public) or to trusted parties (i.e. limited access) for the address to be read by third parties.
If the researcher has their email address listed as trusted-party access only, it will be returned with the record if the researcher has granted you read-limited access. For more information, see ORCID visibility settings.
In addition, the ORCID XSD 2.x includes a contributor-email element under contributors in certain sections of the ORCID record, e.g. works. However the ORCID API strips any contributor-email data added, and it is not stored in the ORCID record in any form. (The contributor-email data will be removed in future versions.) Instead, we recommend adding the ORCID iDs of contributors that have been collected via authentication using the contributor-orcid element. For more information, see What information should I add about work contributors?