The digital euro project, like any CBDC, is hardly a privacy-friendly initiative. Fortunately, the EU data protection watchdogs are staying alert. On Tuesday, the European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) shared a Joint Opinion on the proposed Regulation on the European Central Bank (ECB) digital currency. The CBDC has been designed to facilitate online and offline electronic payments and serve as an alternative to physical cash.
In the document, the EDPB and the EDPS commend the project for addressing numerous data protection considerations, including measures to minimize the processing of personal data in offline scenarios. They also stress their support for maintaining the fundamental right to choose between using the digital euro, either in online or offline mode, and paying in traditional cash. Still, the institutions have proposed several suggestions for increasing personal data and privacy protection standards in the digital euro system.
“In particular, we make recommendations to ensure that only the necessary personal data of users of the digital euro is processed, and to avoid excessive centralization of personal data by the European Central Bank (ECB) or national central banks,” the EDPS supervisor Wojciech Wiewiórowski wrote in a press release.
In the document, watchdogs ask for more clarifications regarding the unique identifiers of the CBDC users and the related holding limits. They also demand that the digital euro regulations include “a binding obligation” ensuring pseudonymisation of transaction data with regard to the ECB and national central banks.
Moreover, both institutions highly recommend introducing a “privacy threshold” for digital euro transactions, both online and offline. The limit would prevent authorities from tracking low-value transactions for AML (anti-money laundering) and CFT (combatting the financing of terrorism) purposes.
EDPB deputy chair Irene Loizidou Nicolaidou noted that “a high standard of privacy and data protection is instrumental in gaining citizens’ trust in this new digital currency.” She added that the Joint Opinion aims to ensure that data protection mechanisms are embedded early on, at the stage of designing the European CBDC, and that the regulations clearly define data protection responsibilities related to the digital euro issuance.