Privacy First public debate on right to anonymous payment
To what extent is there a right to cash or otherwise anonymous payment? How can this right be legally strengthened and technically realised?
On Thursday evening 7 April 2016, Privacy First's office location (Volkshotel, Amsterdam) hosted an exciting public debate place on the right to anonymous payment. Privacy First organised this debate because anonymous payment is coming under increasing pressure. Cash payments are being banned, with no anonymous digital alternatives to replace them.
Privacy First chairman Bas Filippini opened the evening and the debate was led by moderator Ancilla Tilia (FD columnist). Four guest speakers were invited for the debate: Vincent Jansen (Innopay - Payments & Digital Identity), Bram Scholten (DNB), Eric Verheul (KeyControls/Radboud University Nijmegen) and Olivier Oosterbaan (Leopold Meijnen Oosterbaan Advocaten).
Ancilla Tilia began the evening with her column for the Financial Times newspaper 'I am not my bank account', in which she wonders: 'Who will stand up for cash preservation?'
Bas Filippini - chairman Privacy First
Next to speak was Privacy First chairman Bas Filippini. In his foreword, Filippini stressed that privacy is not only side by side with security, but is a basic principle of our democratic rule of law. It is a fundamental right to be able to be anonymous in public spaces. The right to pay anonymously is an important part of this. However, in recent years we have gone from 'Cash is King to Cash is Criminal'. Filippini is curious to see if there are privacy-friendly alternatives to banknotes and sounding coins, and to see if technology can support rather than undermine the principle of anonymous payment.
Olivier Oosterbaan - Leopold Meijnen Oosterbaan Advocaten
Olivier Oosterbaan advocates for privacy and against identity theft, among other things. During the public debate, he explains some possible processing bases under the Personal Data Protection Act and the balance with privacy protection. For example, he explains who all might be involved in a parking transaction and what data is shared. In addition, it lets the municipality know that you have been at a certain place for a certain period of time. But even at some shops, you can only pay by PIN and thereby let the bank know that you have been at a certain place.
Vincent Jansen - InnoPay and Digital Identity
Vincent specialises in innovative payments, which in his context has little to do with cash. He gives an introduction on context: the more context you give to a payment, the less anonymous you will be.
In this context: the more often you visit a shop, the more information you share with the receiving party, e.g. when you visit your favourite coffee shop every week: in the long run, they know you have a nice latte macchiato comes to collect. Giving more context removes some of your anonymity.
When you withdraw, the receiving party gets information: on the receipt, for example, the last digits of your bank account number and your card number. This allows the receiving party to know that you are a returning customer. As a customer, you don't get much more information than when you pay cash: for example, you know the name of the shop and where it is located. So the difference between debit card and cash payments is mainly that there is a payment service provider in between, who needs to know who wants to pay and to whom to pay. In doing so, the payment service provider needs to know what time and which branch you are at, for example, and a whole lot of data arises in the process.
What about payment by bank transfer? Here, if you want to transfer money, you need a lot of information from the beneficiary. What is noteworthy is that the payee also gets a lot of information, such as the account number, the ascription and also the sender's address and place of residence.
Crypto-currency as a trend, the phenomenon that you can actually have a kind of online cash. This is not anonymous, but some form of pseudonymity where there is no bank in between and where we all establish who has the money and where it is. It is a trend that is relatively young but has a lot of potential, in the form of having 'digital cash'.
Another phenomenon is to pseudonymise regular transactions in the current payment structure. This is a generic trend, where data is no longer relatable and where less static data is provided with the transaction.
Another trend from the European Commission is the Payment Service Directive which will be in force in 2018. Under this, banks will be instructed to open up an account to payment and information services, if the customer so desires. In other words, I have to tell a provider that you can look at my statements on my behalf, in all my bank accounts, to become my budget coach, for example. However, what is likely to happen is that bank data can be accessed elsewhere and will be stored.
The latest trend to be named is Social Payments, mainly in the peer-to-peer atmosphere that payment is increasingly becoming a part of interaction and that it can actually be very 'cool' and fun to enrich a payment with context. So that it comes to life in the banking environment, by mentioning why you are paying, where it was and putting a nice picture in the process, for example. Another phenomenon is that IBANS (which are tricky things) will possibly be replaced by 06 numbers and e-mail addresses, which again entail extra traceability.
Bram Scholten - De Nederlandsche Bank
Since 2012, the Dutch Central Bank (DNB) has been concerned about the pressure on cash. Consequently, DNB's annual reports stress the importance of cash. Bram Scholten argues that cash provides privacy protection. He quotes from the DNB's 2012 annual report: 'In these times when society is increasingly invading personal privacy by electronic means, the need for this remains'. The Dutch Central Bank worked with market parties such as Detailhandel Nederland and the Dutch Payments Association, which represents the banks, in November 2015 in the Maatschappelijk Overleg Betalingsverkeer (MOB) to propagate in their own circles that cash payments will remain possible for point-of-sale (out-of-hours) payments. This therefore distances it from the fact that cash payments would sometimes no longer be possible. The Dutch Central Bank has measured that half of all payments are still made with cash.
Paying in cash is, of course, an option to pay anonymously. If we had a right to pay cash, we would also have a legitimate option to pay anonymously. Essentially, the Civil Code describes cash payments as the ordinary way of paying. In principle, further arrangements should be made to deviate from the law to pay in cash. In the MOB report has therefore been stated that especially in situations where there is a local monopoly, such as a pharmacy in an area where there are no other pharmacies, if you could not pay cash there, this could dup certain people, as people could no longer get what they need. The MOB sees this as undesirable and also questions whether it is lawful to refuse cash. This is an open question and essentially also a question in the field of European law, as it has been established at European level that cash is legal tender. However, there is no European Court of Justice case-law yet on how this should be applied and what exactly the concept of legal tender means. So this may lend itself to a test case.
Eric Verheul - Radboud University Nijmegen & Digital Security Group
Eric gave a presentation on online payments and online login. What exactly happens when you checkout something in an online shop? For example: Jan Jansen buys something in a webshop, what exactly he buys could say something about him as a person, maybe it is something he is ashamed of and doesn't want everyone to know. It could also be that that information contains special personal data. When you pay online, the bank knows who you are and who you are paying to. This can be disadvantageous from a privacy point of view, but pleasant in terms of security. It allows a bank, for instance, to see that a payment is fraudulent and stop this payment. In addition, it can be handy for the webshop to know your account number, if they want to refund money, for instance.
This is in relation to an online application: for example, you have DigiD to log in to the Tax Office. The same issues apply here as with online payments, because here you identify yourself with, for example, your name or in some cases a pseudonym. Such an access service knows your identity and to which website you are seeking access. And such an access service could be hacked, for instance. More and more healthcare institutions are using DigiD, but how desirable is it for DigiD to know that you are visiting a mental healthcare institution? And what if, for example, a bank provides such an access service, how desirable is it that such a party knows all that? In the parallel with the physical world: then someone knows which physical shops you all visit. Digitally, it is currently quite natural for all of that to happen.
In 2014, we developed a new technique: polymorphic pseudonymisation. It actually works in the same way as, say, DigiD or another access service, you just have to show a special card and the special thing about that card is that the access service that reads that card cannot find out your identity, but can only read encrypted pseudonyms. With this, the access service does grant access to a website, the website you visit knows who it is dealing with, but the access service no longer has your (personal) data. You could also use this service for online payments, for example by using an encrypted e-wallet fill with money. A bank does allow you to transfer money to those e-wallet, but the bank no longer knows who exactly it is dealing with because the e-wallet is pseudonymised.
The introductions and presentations were followed by an audience debate, where several questions were answered and some recommendations were given:
- Look at digital payments and how it can be made more privacy-friendly.
- Cash payments should remain possible for over-the-counter payments (payments outside the door).
Some of the questions from the audience to the guest speakers:
To what extent is a prepaid credit card an anonymous means of payment?
- Identification is requested for a prepaid credit card.
- Often, a prepaid credit card also needs to be activated for specific payments.
How do you guys feel about the 500-euro note being phased out?
- It will not be useful in the context of counter-terrorism.
Click HERE for the invitation (pdf) that Privacy First sent to its network for this event. Would you like to receive invitations to our events from now on? Then send us a message, then we will put you on our mailing list!