The EU’s data watchdogs want to see changes to the draft legislation for the digital euro. European Union laws usually give the European Central Bank (ECB) considerable autonomy and discretion. But when it comes to the privacy of the central bank digital currency (CBDC), the watchdogs believe the devil is in the details. So they want to see less leeway in the legislation. Plus they would like all low-value transactions made privately.
Apart from demanding more details, wherever private data is used, it must be shown to be necessary and proportional.
These recommendations were part of a joint opinion published this week by the European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS).
The watchdogs believe that “the value added of a digital euro in a highly competitive payments landscape would reside mainly in its confidentiality.”
Cash like anonymity
At the moment, the offline version of the digital euro is meant to have cash-like anonymity. The watchdogs want a similar treatment for low value online transactions. That’s possible by dropping anti-money laundering rules for smaller transactions. Last month, the U.S. Federal Reserve published a paper asserting that an expectation of anonymity for digital transactions is based on ignorance.
Meanwhile, key digital euro roles are split. On the one hand, there are payment service providers (PSPs) including banks who hold private data about their client’s identities and transactions. On the other hand, the central bank ledger records all the transactions, but without personal data (pseudonymously). This aims to give users comfort that the digital Euro isn’t a Big Brother tool.
Pseudonymous cannnot be optional
However, while there may be an intention to store transaction data pseudonymously, the legislation fails to oblige the ECB or national central banks to do so. And the centralized ledger storing all that data bothers the watchdog, so they’ve offered to provide input on safeguards.
Extra fraud protection
Moving on, according to the draft law, a new fraud detection and prevention mechanism (FDPM) is needed for the digital euro. However, payment service providers already conduct fraud detection. While a separate digital euro FDPM system could make fraud detection more timely and effective, the watchdogs say this is not “sufficient to render the interference with the fundamental rights to privacy and data protection”.
Holding limits creates privacy issues
The digital euro will have holding limits, with a figure of €3,000 floated as an idea. However, users could have digital euro wallets with multiple banks or payment firms. Hence, there’s a need to figure out the total across a person’s wallets. How do you link different wallets to the same person? That requires using personal data to calculate the total holdings. The solution in the legislation is for central banks to establish a ‘single access point of digital euro user identifiers and the related digital euro holding limits’.
That’s potentially problematic. Although they provide an ‘access point’ rather than storing it themselves.
Stepping back, the central bank ledger stores all the transaction data pseudonymously. To calculate global holding limits, there’s additionally a central access point to personal identifiers and some personal data. Hence, it’s critical that the central bank can’t access this second data set, otherwise they can combine the two sets of data and see who made every single transaction.
Unsurprisingly, the watchdogs want to know how the central banks plan to protect the private data for holding limit calculations. They recommend using privacy enhancing technologies (PETs). For example, multi-party computation (MPC) could allow multiple banks to share encrypted data, and calculate the holdings across all of them. They can do that without anyone seeing the data, because it’s only temporarily decrypted on special chips where it’s hard to snoop. Nonetheless, in our view, the central banks should have no physical access to these computers or the gateway.
It’s not all bad
While the watchdogs made several recommendations, they also complimented some aspects. They are delighted the legislation retains the choice to pay in cash and that there are no plans to make the CBDC programmable.
In related news, it was not surprising the ECB decided this week to progress the digital euro to the preparation phase. And the ECB gets to make the final launch decision in the future. That assumes the approval of digital euro legislation, which is perhaps the biggest hurdle for the CBDC.