Central Bank Digital Currency

Click here to explore the dashboard on central bank digital currency

Tech Champion: Stefano Leucci 

Central Bank Digital Currency (CBDC) is a new form of money that exists only in digital form. Instead of printing money, the central bank issues widely accessible digital coins so that digital transactions and transfers become simple.

Efforts towards CBDC grow all over the world for many reasons. First, the COVID-19 crisis induced a shift in payment habits towards digital, contactless payments and e-commerce due to a now refuted danger of banknotes being way of transmitting infection, which has accelerated the decline of cash use. Second, cryptocurrencies developed by private organisations or informal communities (e.g. Bitcoin) have seen significant developments and value gain. As a response, 87 countries (representing over 90 percent of global GDP) are now exploring central bank digital currencies, while 9 of them have fully launched a state-owned digital currency.

CBDC could be developed in a number of ways. In a centralised approach, transactions are recorded in ledgers managed by central banks that also provide user-facing services. In a decentralised approach, a central bank sets rules and requirements for the settlement of CBDC transactions that are then recorded by users and/or financial intermediaries.

The impact of CBDC depends also on the chosen implementation. Conventional money requires many intermediaries in the payment chain, resulting in less efficient and secure payment experiences, as we showed in our recent TechDispatch. CBDC could find solutions to these issues, developing a more efficient, fast, secure and sovereign form of payment process. 

The European Central Bank, after exploring possible design scenarios for launching a Digital Euro and consulting with stakeholders, decided to launch a CBDC project with an investigation phase that will last from October 2021 to October 2023

Positive foreseen impacts on data protection:

  • Privacy is one of the most important design feature: the consultation launched by the ECB in October 2020 revealed that privacy is considered as the most important feature of a digital euro by both citizens and professionals; this was also confirmed by different focus groups. Design decisions are still open, and this situation results in a wide range of opportunities for configuring the product with an effective data protection by design approach.
  • More control over personal data and security: assuming that the development of CBDC will follow a strict data-protection-by-design and by-default approach, a CBDC could increase data protection and security in digital payments and provide payers more control over their personal data.  
  • Enhanced possibility to have anonymity in the payment process: privacy-enhancing technologies could be used to enhance the way anonymity is wired within the entire payment process while allowing the auditing only in pre-determined lawful cases, such as preventing money laundering, counter terrorism financing and tax evasion.

Negative foreseen impacts on data protection:

  • Concentration of data in the hands of central banks could lead to increased privacy risks for citizens: if payment data of all citizens were concentrated in the databases of a central bank, it would generate incentives for cyberattacks and a high systemic risk of individual or generalised surveillance in case of data breaches or, more in general, of unlawful access. 
  • Wrong design choices might worsen data protection issues in digital payments: payment data already reveals very sensitive aspects of a person. Wrong design choices in the underlying technological infrastructure might exacerbate the privacy and data protection issues that already exists in the digital payment landscape. For example, transactional data could be unlawfully used for credit evaluation and cross-selling initiatives.
  • Lack of security might turn into severe lack of trust from users: security concerns in the CBDC infrastructure, whose security requirements and expectations are high, may turn into a significant loss of trust from users.

Our three picks of suggested readings:

EDPS related works: