Vigilance required on introduction of digital euro

The European Commission's ambition was greater at first, as it was to become a replacement system for all transactions in Europe, replacing cash and savings. This ambitious plan was gradually tempered in Europe during the public debate, and also because there was too little enthusiasm for it. The digital euro is now being offered as an alternative alongside already existing payment systems.

The European digital currency will be issued by the ECB and should compete with existing means of payment. The idea is that every citizen is entitled to a digital wallet containing a maximum of probably €3,000.00. No interest will be paid on this balance. Thus, the digital currency is no longer intended to serve as a savings vehicle.

The reason for introducing such a digital currency, according to the European Commission, is to strengthen the position of the euro, allow retailers to offer customers multiple ways to pay and ensure better access to payment systems. It does this by offering the service for free, to be used at all times and by not charging for the service.

This all sounds nice, but what about privacy? Privacy First currently has the following concerns and objections:

General t.v. ECB:

1. The proposal is relatively short and seems more like a framework for matters yet to be worked out, rather than a clear bill of rights.
2. The ECB regulates many issues around CBDC, but the question is whether this is justified. After all, the ECB is independent and there is no democratic control over the ECB (there are only some transparency requirements). As a result, there are hardly any opportunities to monitor or hold the ECB accountable for mistakes.
3. The theory is that the ECB is not interested in customers' data, but in practice, as a supervisory authority, the ECB does look at activities where large-scale processing of personal data plays an important role. This is because under the underlying rules (the so-called Single Supervisory Mechanism (SSM) Regulation), the ECB supervises "the internal organisation" of banks. In this way, the ECB together with national central banks such as De Nederlandsche Bank (DNB) can strongly influence banks' anti-money laundering duties and data sharing by banks.

Specifically on privacy:

1. The proposal devotes fine words to privacy, but in any case it is impossible that privacy is going to be guaranteed 'in a way as it exists when using cash'; anonymity does not exist when using the digital euro.
2. The proposal emphasises that the ECB and national central banks are not interested in the personal data of users of the digital euro. This does not really convince. The ECB is in a position to find out the identity of users. Furthermore, the ECB has several tasks under which it already has a lot of information, which can easily be combined with the data that will be processed under the proposal. As a result, it will not be difficult if required tracking users of the digital euro for ECB/DNB.
3. If the ECB/DNB really have no intention of being able to track users, a closer look should be taken at what should be regulated to minimise data processing.
4. The digital euro and the identity of the user can always be traced and the possibilities to do so are numerous; this is incomparable to cash.
5. Citizens will be allowed to hold digital euro accounts in different banks. At the same time, there will be a so-called "holding limit": a maximum amount of digital euros a citizen can hold. The ECB can determine this and will have to monitor it. So this automatically means tracking users. Privacy First wonders if a central database will be developed for this purpose with all the inherent dangers and risks involved?
6. Existing techniques with decentralised data processing, for example Bitcoin and StableCoin, possibly combined with Zero-Knowledge Proof, offer more privacy-friendly options in terms of technical infrastructure. With the latter privacy by design technique validates a financial transaction without having to disclose its content.
7. The proposal states that the processing of personal data that will result from the introduction of the digital euro and all the tasks thereby assigned to the ECB, national central banks and commercial parties will be based on the bases of (1) public interest or (2) a legal obligation. In doing so, the proposal chooses those bases under the AVG that present limited obstacles to the re-use of relevant personal data for purposes other than those for which that data was collected (see CJEU, 2 March 2023, ECLI:EU:C:2023:145). This leaves a lot of room to undermine the principle of purpose limitation, one of the core principles of the AVG.
8. The digital euro will explicitly not be programmable (Art. 24) in the sense of excluding its use for certain purposes or attaching an expiry date. The digital euro should, however, support the programming of conditional payments, e.g. an automatic payment that takes place at a certain time. Where exactly is the limit? Who will ensure that this is done properly?
9. Digital euro wallets should become interoperable with the (upcoming) European digital identity wallets. The House of Representatives previously asked the government not to agree to the proposal regarding the digital European identity (eID). The government ignored this and that digital European identity is still coming. Besides undermining democracy, digital identity has been the subject of much criticism and concern about safeguards for our privacy. (See also Privacy First's earlier comment at NU.co.uk and at Public Thinking.) How will we ensure that more and more important services for citizens are not linked to this identity and that the use of this digital identity thus becomes de facto unavoidable for citizens? How will we ensure that citizens cannot be traced by linking such a digital identity to, for example, the digital euro?
10. The digital euro should also become available offline. This means that users can pay for something without the intervention of the bank and that those offline payments would not be monitored; however, some form of (eventual) registration will have to take place in connection with the holding limit. It is argued that with the offline variant, the use of the digital euro is close to cash in terms of privacy. This is incorrect.
11. Offline payments directly from one user's wallet to another user's wallet will always leave (technical) traces. This is inherent in digital payments. For instance, it will always be traceable from which mobile to which mobile was paid, what the phone numbers of the mobiles are, etc.
12. The ECB in its role as regulator and other anti-money laundering/terrorism/sanctions regulators can always retrieve affected data from the banks, which ultimately have to register it on the digital euro account of affected users. But there are also other government departments that can request such traces. In the future, e.g. IMEI numbers of phones at banks might be retrievable by all kinds of government departments for all kinds of purposes, see https://www.internetconsultatie.nl/verwijzingsportaalbankgegevenswijziging .
13. What is special about the digital euro is that it is a direct claim by citizens against the ECB, rather than a claim against a commercial bank. Such a relationship between the ECB and individual citizens is new and raises questions about the legal position of users vis-à-vis a powerful institution like the ECB. How will it be regulated that users can approach the ECB in an easily accessible way for any mistakes made by the ECB? How will it be ensured that users are not caught between the commercial banks and the ECB in the process?

First, if legislators are serious about privacy, much more attention should be paid to the above points. For Privacy First, however, the fundamental question remains whether the intended 'benefits' of the digital euro will ever be able to outweigh the objections and risks.