Digital Euro and Privacy Standards

Protecting Privacy in the Age of Digital Currency: EDPB and EDPS Recommendations on the Digital Euro Regulation

In a world where digitalization is at the forefront of financial innovation, the European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) have issued a Joint Opinion on the proposed Regulation on the digital euro. The digital euro is envisioned as a central bank digital currency (CBDC) that offers individuals the option to make electronic payments both online and offline, complementing traditional cash transactions. While this initiative brings numerous advantages, the EDPB and the EDPS are committed to ensuring that data protection and privacy are upheld to the highest standards.

Balancing Convenience and Privacy

The proposed Regulation, in its current form, takes several important steps to address data protection concerns associated with the digital euro. Notably, it introduces an offline modality to minimize personal data processing, which is a commendable approach. Importantly, the EDPB and the EDPS have welcomed the provision that users will have the choice to transact in digital euros or physical cash. However, they also recognize the need for further improvements to safeguard user data and privacy.

Data Protection Recommendations

1. Minimizing Data Processing: The EDPB and the EDPS recommend that only necessary personal data of digital euro users be processed to reduce the risk of privacy infringements. This approach underscores the importance of avoiding excessive centralization of personal data by the European Central Bank (ECB) or national central banks.
2. Privacy in Design: The EDPB and the EDPS stress the importance of embedding data protection early in the design phase of the digital euro, both for online and offline use. This ensures that the roles and responsibilities of all parties involved are clearly specified in the Regulation.
3. Verifier Access Points: While acknowledging the need for a verification mechanism to ensure users do not exceed their holding limits, the EDPB and the EDPS call for clarifications on the processing of user identifiers. They also suggest assessing the necessity and proportionality of centralized verification and propose exploring decentralized alternatives.
4. Fraud Detection and Prevention: The Joint Opinion raises concerns about the lack of foreseeability in the processing of personal data within the fraud detection and prevention mechanism (FDPM). It recommends clearly defining the roles and tasks of the ECB, national central banks, and payment service providers (PSPs) in this context, adhering to data protection principles.
5. Privacy Threshold: To protect user privacy, the EDPB and the EDPS recommend introducing a ‘privacy threshold’ for online transactions. Transactions below this threshold would not be traced for anti-money laundering (AML) and combating the financing of terrorism (CFT) purposes. Technical measures should be implemented during the design phase to mitigate AML/CFT risks.
6. Data Protection Responsibilities: The proposed Regulation should further clarify the data protection responsibilities of the ECB and PSPs, including the legal bases they should rely upon and the types of personal data they should process for digital euro issuance, distribution, and usage.

The digital euro holds great promise in the world of digital finance, but ensuring the highest standards of data protection and privacy is paramount to gain the trust of citizens. The Joint Opinion from the EDPB and the EDPS serves as a valuable guide for policymakers and regulators to address the evolving landscape of digital currencies. By implementing these recommendations, the European Union can strike a harmonious balance between convenience and privacy in the digital era.

The EDPB and the EDPS remain committed to monitoring and providing guidance on the development of the proposed Regulation, emphasizing the importance of privacy and data protection in this groundbreaking financial endeavor.