Digital euro: what is at stake for privacy and personal data protection?

14 February 2022

The European Central Bank (ECB) announced on July 14, 2021, the launch of an experiment on a euro in purely digital form, for deployment as of 2024. The CNIL examines the privacy challenges of this project and calls for a democratic debate on the subject.

What is the "digital euro"?

In October 2020, the European Central Bank (ECB) published a Digital Euro report in order to consult stakeholders, including the general public, on its Digital Euro project.

This form of currency, to be eventually launched in the euro zone, would be available for retail payments (i.e., for everyday spending by individuals and businesses). It parallels the development of similar projects, notably in Sweden (launch of an e-krona pilot project in February 2021), in the United States (work by the Federal Reserve) and in China (the e-yuan has been operational on phones since March 2021, a project with obvious geopolitical motivations), but also in the Bahamas, Cambodia, etc.

This project is a response to the development of "cryptocurrencies" and Facebook's Libra/Diem project, which has met strong resistance from financial regulators since 2019. The creation of a "central bank digital currency" would make it possible to compete, for innovative digital uses, with "cryptocurrencies" (wrongly called "private currencies" because they are rather digital tokens registered in a private account and exchangeable for real currencies under certain conditions).

The ECB also acknowledges, and wants to respond to, the decline in cash payments in favor of digital payment solutions in many European countries. However, a digital euro would not be a substitute for cash, but a complement to it.

Privacy, the main issue of the digital euro

In April 2021, the ECB published the results of its public consultation on the digital euro. For 43% of respondents, privacy is the most important issue, ahead of security (18%). This result can be observed regardless of the respondent's country of origin, socio-demographic characteristics or status (citizen, industry professional, merchant, NGO, academic, etc.). The majority of respondents were in favor of "a digital euro based on confidentiality and protection of personal data, usable offline".

The European Data Protection Board (EDPB) thus sent a letter to the European institutions on June 18, 2021 concerning this digital euro project, outlining its main developments and challenges.

The decision to launch the project, starting with a two-year pilot phase, was announced by the ECB on July 14, 2021, with a target implementation date of around 2024 after a final decision. As underlined by the EDPB, since the design choices have not yet been defined, only the pilot phase of the project will allow the digital euro to be privacy-protective from the outset ("privacy by design").

To date, the major choices of architecture for the future digital euro (centralized or decentralized, on a blockchain or not, distributed by the ECB or by banks, based on an account or on digital tokens, with ceilings or not, etc.) have not yet been decided. The digital euro will, in any case, be issued by the European Central Bank and will circulate in electronic wallets, independently of other means of payment.

Trust drivers for this new form of euro

In view of public demand, a very high standard of privacy and data protection will be one of the main keys to the success of the future digital euro. This will be one of the elements of trust for users, who must have the freedom to choose their means of payment in order to retain control over the amount of data collected during a payment.

While today, cash allows for anonymous payments - and therefore no tracking of purchases made and no risk to privacy - it is not yet clear whether the future digital euro would also offer this possibility, for several reasons.

First of all, the conditions for issuing and distributing the digital euro online appear difficult to reconcile, from a technological point of view, with full anonymity in use. Secondly, anonymity could be contrary to other public policy objectives such as the fight against money laundering or the financing of terrorism.

The principles of privacy and personal data protection, enshrined in Articles 7 and 8 of the EU Charter of Fundamental Rights, must be balanced against other relevant rights and freedoms while respecting the principles of necessity and proportionality as set out by the CJEU.

In this debate, European data protection authorities recommend a balance:

  • on the one hand, a space of anonymity must be preserved within the framework of the future digital euro, without traceability (for example below a certain threshold for daily transactions);
  • on the other hand, transactions must be traceable only by entities with a legal mission of public interest.

In France, the latest work of the National Digital Council also advocates maintaining a margin of anonymity for transactions, in particular to avoid the exploitation of personal data by large digital services, which also makes it an issue of sovereignty.

A project with high risks for freedoms

European data protection authorities have recently emphasized the significant privacy and data protection risks that may result from this type of project (widespread tracking and monitoring of transactions throughout payment systems, excessive interference in payment data by centralized state entities or private services, etc.), especially if it results in the centralization of accounts at the central bank, and the need to design the digital euro in a way that complies with European laws and principles.

Privacy-preserving solutions to be integrated in the selected parameters

Standards similar to those imposed on cash

The anti-money laundering and counter-terrorist financing (AML/CFT) framework is not uniform. The FATF (Financial Action Task Force), in its recommendations published in English, considers that its standards apply to central bank digital currencies in the same way as to cash. It also explains that with respect to central bank digital currencies, there is a balance to be struck between AML/CFT and the protection of privacy and personal data. Therefore, the rules of the AML/CFT framework concerning cash (free use below €1000 in France) are a good precedent for the digital euro.

In fact, the parallel with anonymous cash payments is natural for the everyday transactions of Europeans. According to the ECB, in 2019, the majority of payments up to €50 in the euro zone were made in cash, and 67% of transactions under €100 were in cash.

A necessary limitation of the risks of tracing

Similarly, for transactions above the threshold that would be retained, user identification must not exceed what is strictly necessary to comply with the regulatory obligations of the entities concerned (which do not require identification with a merchant, for example). This point is in line with the CNIL's position that the use of a sovereign identity (i.e. the identity declared to the civil status) or a verified identity is only necessary in such a context (i.e. with respect to the State), whereas a declarative or pseudonymous identity is generally sufficient in commercial matters, depending on the level of trust associated with it.

The European data protection authorities are also in favor of a method that offers offline transactions (without an Internet connection, so that it can be accessed anywhere in the EU, and does not require logging into an account), in order to mitigate the risks of tracing the individuals concerned. This is in line with one of the lessons learned from the CNIL White Paper on payment data and means of payment, and is consistent with the accessibility of the digital euro.

Another important choice will be between a centralized approach (on an account with the ECB for example) and a decentralized approach (based on blockchain technology for example). If a decentralized approach were to be followed, the data would have to be "tokenized" (i.e. pseudonymized by means of a digital token) in order to avoid centralized control of transactions. For this purpose, a good practice is to store the tokens locally, on the user's device or in the digital wallet, so that no data circulates unencrypted in the blockchain.

In practice, when users connect to an intermediary distributing digital euros in order to reload their wallet, the transaction data would be communicated to the intermediary only for transactions above a certain threshold. Thus, the registration of users on an account and the monitoring of transactions by the ECB would not be necessary.

An indispensable democratic debate on the digital euro

Since last autumn, the digital euro project has been in an "investigation phase", which began with an exploration of the use cases of the future digital euro and will continue throughout 2022 with the selection of the main design parameters. The European data protection authorities are working with the ECB teams at European level on a digital euro that respects the principles of the GDPR.

At the national level, the CNIL will work closely with the Banque de France on this subject, as it regularly does on issues involving financial players, in order to reconcile the legal requirements in financial matters with the challenges for the privacy of individuals.

Beyond the cooperation between public authorities and agencies, the CNIL, one of whose main missions is to support innovation, calls for the emergence of a public debate on the subject of the digital euro. This project, which will affect the daily lives of hundreds of millions of Europeans, must be taken beyond the circle of specialists and discussions between regulators and made the subject of a democratic debate. What kind of digital euro do we want tomorrow, and for what purpose? What is the trade-off between security and freedom, and what effects will it have on digital and financial inclusion?