How we are sleepwalking into the digital euro: debate urgently needed

New phase digital-euro project

The digital euro has again been in the news frequently in recent weeks. This is because the European Central Bank (ECB) has decided to start the next phase of the digital euro project. In it, the Eurosystem will be technically prepared for the possible first issuance of a digital euro. This completes the preparation phase that followed the research phase (from 2021) and started in 2023. It is expected that the first pilots can start in 2027 with actual issuance in 2029.^[1]

Privacy First has previously expressed fundamental concerns about the digital euro.^[2] As more and more is known about the design of the digital euro, these concerns remain undiminished. The introduction of the digital euro is expected to have profound implications for society and citizens' rights. For this reason, Privacy First calls for a much more robust debate on whether the digital euro should happen and how citizens' financial privacy will not further deteriorate.

There is a proposal to make issuance legally possible, but there has not yet been any real political discussion in the Netherlands or Europe. Dare politicians at any point say no to a system in which so much has already been invested? Are we not collectively sleepwalking into a system whose pros and cons for society and citizens' fundamental rights are unclear?

With regard to the digital euro, the following comes into play:

• Concentration of power in a European body (the ECB) with no democratic accountability.
• The ECB lacks transparency; mature rebuttals to the ECB's actions are lacking and accountability for mistakes is effectively impossible.
• Tension in ECB role and practical implementation by financial institutions (banks and payment service providers), which will pass on costs to the corporate customer.
• The ECB decides on the design of the digital euro system, which involves major social risks.
• The ECB hides from responsibility when something goes wrong in the system. Mechanisms in favour of duped citizens are lacking.
• Alternatives with fewer risks to citizens' fundamental rights are not considered.

We explain this below.

ECB will issue euros directly to citizens

The digital euro is to become a complement to coins and notes. Unlike digital money issued by commercial banks, the ECB will issue the digital euros itself. If the plan succeeds, Europeans will be able to put digital euros in a so-called ‘wallet’ and use them to make payments. There will also be an offline variant, which would resemble cash.

If the ECB itself starts issuing digital euros, this will lead to an even greater concentration of power at the ECB than is already the case. What the consequences of this will be and what impact it could have on citizens is an underexplored issue.

Insufficient transparency and dissent

The ECB is positioned in Europe as an independent institution on the basis that politics should not influence the central bank. If governments had direct control over the central bank, politicians might be tempted to change interest rates to create a short-term economic boom or use central bank money to finance popular measures. This would seriously damage the economy.

The positioning of the ECB as an independent institution results in the ECB being a poorly transparent organisation. The ECB explains its policies to EU citizens by, for example, answering questions in the European Parliament, but it is almost impossible to hold the ECB accountable for mistakes it makes. This is mainly for two reasons.

First, the European Court of Justice applies high thresholds before the ECB is deemed liable. For instance, EU institutions like the ECB are only liable for damages caused by them if there is a ‘serious breach’ of a rule of EU law. Furthermore, damages can only be claimed at the European Court. This is a high and costly threshold for citizens, while the turnaround time for a case at the European Court is easily 2 to 3 years. A search of the database covering all lawsuits against the ECB yields no successful claims against the ECB.

The rollout and customer contact lies with commercial parties

Although the ECB will issue the digital euro, it will be distributed exclusively through commercial banks and payment service providers. These parties will be obliged to make the digital euro available to the public. They will be responsible for carrying out all operations normally associated with opening and maintaining an ordinary bank account, such as anti-money laundering checks at onboarding, transaction monitoring and customer service.

One particular feature that banks will have to set up and make work is the so-called ‘waterfall functionality’. It is expected that many people will find it convenient to link their digital euro account to a regular bank account. Since people are likely to be allowed to keep a maximum of 3,000 digital euros and there is a chance that someone may exceed that amount by receiving digital euros, a waterfall functionality will have to be set up, which will automatically transfer the excess amount of digital euros to the linked bank account. Conversely, a deficit in the digital euro account can also be transferred directly from the linked bank account (the reverse waterfall function). This functionality comes with risks.

The ECB will supervise the banks and payment service providers tasked with rolling out the digital euro in the market. The ECB will thus monitor whether banks and payment institutions are carrying out the distribution correctly (managing related IT risks, for example) and treating consumers holding a digital euro account properly.

At prices that ECB will monitor

The ECB has promised that the digital euro will be free for consumers. Because developing, rolling out and keeping the digital euro in the air costs a lot of money^[3], banks and payment institutions will start charging the costs they incur to the businesses that have to (compulsorily) accept the digital euro.

The fees that banks are allowed to charge, according to rules^[4] ‘proportionate’. The ECB will monitor whether the fees banks will charge are indeed proportionate.

ECB decides on design and application options

The design of the digital euro system will be determined by the ECB. The proposed rules for introducing the digital euro set the limits the ECB will have to abide by, but the ECB has a lot of room to arrive at its own choices and interpretation.

Privacy First will not detail here the opportunities and risks presented by the digital euro, but points out that setting up the digital euro is not a purely technical discussion. Introducing the digital euro means, among other things:

• Risks to privacy, including because of the creation of a database in which the ECB will record all payments. This database is within reach of intelligence services and police forces[5] en zal een belangrijk doelwit zijn voor cyberaanvallen;
• The likelihood of programmable money, i.e. money that can only be used for certain purposes[6];
• The probability that use of the digital euro will actually become mandatory, for example because the government pays certain subsidies or other types of benefits exclusively in digital euros. A citizen who does not want to use the digital euro will then not be able to claim the subsidy in question (it will then be an ‘own choice’);
• Risks of cash being phased out, when it is the only form of money that actually provides anonymity and is accessible to all. As use of the digital euro increases, cash will have to be withdrawn from circulation to keep the ECB-issued money supply the same or not grow too much;
• Creeping introduction of digital identity (‘EUDI-wallet’ / ‘EDI-wallet’); to use the online variant of the digital euro, citizens will need to have a digital wallet. Linking or integrating digital identity with the digital euro thus becomes likely.[7] Currently, there is already talk of designing rules under which banks will be required to use digital identity.[8] Does this still make use of digital identity mandatory?
• A huge concentration of power at the ECB, while democratic control of the ECB is lacking and lawsuits against the ECB are not only lengthy and costly, but also have little chance of success;
• Increasing risk of cyber attacks on critical infrastructure as online version of the digital euro adds another layer of complexity to existing digital payment infrastructure.

ECB hides from responsibility

Just as things can go wrong in current payments, there are things that can go wrong when paying with or receiving digital euros. For example, payments can be disputed because what has been purchased has been damaged or payments have been made without the payer's consent. Technical errors also sometimes arise, causing, for example, the transaction amount to differ or transactions to be performed twice. Finally, fraud such as identity fraud or interception of payment data may occur. If these types of errors currently occur, payers or recipients can generally sue the bank or merchant.

For transactions where the digital euro will be used, there may of course also be (technical) errors or fraud. However, the ECB indicates that it will not recognise any liability for this. It will always be the bank, the payment service provider, the merchant or, in some cases, the consumer who will be liable.^[9]

The ECB's position is remarkable because it is not in line with the European Treaty, which stipulates that the ECB is liable for mistakes it makes in the tasks it performs.^[10] ECB positions digital euro as risk-free^[11], but this is misleading. Indeed, it is possible to foresee all kinds of situations in which occurred errors could be attributable to the ECB.

For example, a hacked digital euro account where money is automatically deposited in digital euros without user intervention (the reverse waterfall) could lead to unlimited withdrawals from the linked commercial bank account. Furthermore, the digital euro uses existing payment structures and therefore use of the euro will be exposed to the same risks that already occur when using bank-issued digital money.

The ECB as issuer of the digital euro must take into account the occurrence of these risks and will not be able to simply pass them on to other parties. A low-threshold system will therefore have to be put in place for affected users, under which they can recover damages suffered from the ECB. Without such a system, users of the digital euro will be left empty-handed if errors occur that are attributable to the ECB.

Where is the voice of citizens?

In 2022, the European Commission organised a ‘have your say’ on the digital euro. More than 19,500 European citizens took the trouble to respond to this consultation.^[12] None of the responses were positive.

Four years after the ECB started this project, many questions remain about the usefulness and necessity of the digital euro. The ECB remains positive about the digital euro and the Dutch government has also indicated a positive attitude towards the digital euro.^[13] Others doubt the added value of a digital euro.

Privacy First suffices with the observation that it is unknown whether the digital euro really meets a need and what the exact impact of introduction on citizens will be. At the same time, it is clear that the digital euro carries significant risks and that the ECB has and will have tasks and roles in design and rollout that create an unbalanced system.

For years, the ECB has been investing in the development of the euro while democratic debate in the EU Member States is absent and decision-making is far away. With this, there is a high probability, that we are walking into the digital euro without real visibility of impact and risks and without considering possible alternatives with less risk to citizens' fundamental rights and less concentration of power at the ECB.^[14]

Privacy First therefore calls on politicians to prevent the roll-out of the digital euro without serious democratic debate and legitimisation. Introduction of the digital euro cannot depend on a single European vote, but requires a much broader debate.

 

^[1] Progress on the preparation phase of a digital euro - Closing progress report

^[2] The digital euro: prelude to mass surveillance at European level? | Privacy First

^[3] The ECB estimates the cost to the commercial sector at between €4bn and €5.77bn. Banks estimate the cost at around €18 billion. See for example Digital euro: one cost may hide another

^[4] See Article 17 of the Proposal for a Regulation on the Digital Euro (‘the Regulation’): https://eur-lex.europa.eu/resource.html?uri=cellar:6f2f669f-1686-11ee-806b-01aa75ed71a1.0010.02/DOC_1&format=PDF

^[5] Art. 32 of the Regulation.

^[6] See, among others, pp. 8-9 of this DNB publication: https://www.dnb.nl/media/espadbvb/central-bank-digital-currency.pdf

^[7] See p. 22ff of the report ‘Digital decentralised value transfer for the public sector in the Netherlands’ produced for the Dutch Ministry of the Interior: https://cris.vub.be/ws/portalfiles/portal/79975514/Rapport_Digitale_Decentrale_Waardeoverdracht_voor_de_publieke_sector_in_NL.pdf

^[8] See Privacy First's consultation response to European Banking Authority proposals: https://privacyfirst.nl/artikelen/digitale-identiteit-wordt-sluipenderwijs-toch-verplicht/

^[9] A stocktake on the digital euro - Summary report on the investigation phase and outlook on the next phase p. 27.

^[10] Art. 340 of the Treaty on the Functioning of the European Union.

^[11] Shifting payment landscape: what a digital euro will bring

^[12] A digital euro for the EU

^[13] BNC Chip Digital Euro: Parliamentary paper 22112, no 3747 | Government.co.uk > Official notices

^[14] See for example https://www.norea.nl/nieuws/lancering-van-wero-belangrijke-stap-europese-digitale-souvereiniteit