- The watchdogs call for clarifications on how user identifiers will be processed
- The proposed fraud detection and prevention mechanism is not foreseeable
- No offline or online transactions below a certain threshold should be traced
The European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS), two leading European privacy watchdogs, issued a Joint Opinion on a proposal to regulate the digital euro as a central bank digital currency (CBDC).
Embedding data protection early on
The digital euro will allow users to make electronic payments online and offline. While the EDPB and the EDPS welcome this additional payment method, they remain reserved regarding personal data protection and privacy in the context of the new CBDC.
EDPB Deputy Chair Irene Loizidou Nicolaidou said:
A high standard of privacy and data protection is instrumental in gaining citizens’ trust in this new digital currency. With this Joint Opinion, we aim to ensure that data protection is embedded early on in the design phase of the digital euro when used both online and offline and that the data protection responsibilities of each of the actors taking part in the issuance of digital euro are clearly specified in the Regulation.
The Regulation proposes the European Central Bank (ECB) and individual central banks establish a central point to ensure users do not hold more than the maximum digital euros allowed, known as the holding limit. The amounts held will be verified by processing users’ identifiers and the related holding limits. The watchdogs call for clarifications on how these identifiers will be processed.
Fraud detection mechanism not predictable
Further, the watchdogs find the proposed fraud detection and prevention mechanism (FDPM) is not foreseeable. They believe the FDPM’s necessity needs to be proven. If it isn’t, they recommend less intrusive measures where data privacy is concerned.
Introducing a privacy threshold
The EDPB and the EDPS insist on introducing a ‘privacy threshold’ for transactions. No offline or online transactions below it should be traced for purposes of combating terrorist financing and anti-money laundering (AML).
Finally, the EDPB and the EDPS find the proposed Regulation should clarify the ECB’s data protection responsibilities. These include the legal bases the ECB should consider and the types of personal data it should process to issue and use the digital euro.
