Making the digital euro truly private

13 June 2024

By Maarten G.A. Daman

Paying is a private affair for many people. The idea that tech companies, banks, governments or employers might track payments is not particularly appealing. Cash provides a solution to avoid such tracing, but it can be inconvenient or simply impossible to use in certain situations (for example when buying online). Privacy is therefore an important factor when we think about current and future means of payment. As we design the digital euro, the ECB and the euro area central banks are making sure that our new digital money comes with a high level of privacy and robust data protection. The ECB Blog explains what future users of the digital euro can expect.

Will it be as private as cash? Not quite, but close. The digital euro promises you better privacy and data protection than other current electronic means of payment.

What is the digital euro? 

The digital euro is an important project of the European Union: a central bank digital currency meant to complement cash as a day-to-day means of payment. Anyone could use it in shops, online or between individuals. Best of all, you will be able to use it wherever digital payments are accepted throughout the euro area. Of course you want your name, the recipient of your transaction, the amount of the payment and all other associated data to be protected. So do we. 

Privacy will be guaranteed by the regulation for the digital euro, to be adopted by the European Union legislator via the usual democratic process. Ultimately, it will be up to European legislators to decide on the appropriate balance between privacy and other public policy objectives, like countering money laundering and other illicit activities. The digital euro will be implemented in line with this regulation. Our desire to ensure a high level of privacy has driven us to pioneer innovative technical solutions surpassing those typically offered by existing digital payment methods.

But how is the Eurosystem going to protect your data?

Using the digital euro offline: close to cash 

Choosing to pay with an “offline digital euro” would allow you to maintain a level of privacy that is close to cash. For example, you could pay a friend for your share of a dinner and only you and your friend would know the payment information. How? You would simply both have the digital euro app on your smartphones and hold them next to each other to transfer the money.

That might sound familiar because some commercial payment solutions allow for digital transfers among friends. But the digital euro has a huge advantage in terms of privacy. Nobody else would see your personal transaction details when paying offline. So, you would first fund your digital euro account with your money from your regular bank account, using your smartphone for example. This is similar to withdrawing cash at an ATM and putting banknotes into your wallet. Now you can transfer digital euro and use the offline function. This way the digital euro personal payment data stays solely between the two phones. Neither your bank, your friend’s bank, nor the Eurosystem will be able to see the personal payments data.

This offline function of the digital euro will also work if you are not connected to the internet, e.g. while hiking in the mountains. And the digital euro will work across borders, for instance if your friend has an account in a different euro area country.

The digital euro online offers more privacy than commercial solutions

Today most payment methods allow the provider to collect a significant amount of information on who is making a payment and for what. Many people feel uncomfortable about the use of their payment data for commercial purposes. That is why the Eurosystem is implementing strong data protection into the digital euro design. We are doing so in several ways:

• Technology: Your digital euro identity will be separated from your payment data so that the Eurosystem will process a very limited amount of data. Your bank will pseudonymise your data, which means that your name is not visible to the Eurosystem and is replaced by a random identification number.
• Rules: The Eurosystem will hold only very limited data. In addition, we will ensure that our service providers comply with high standards. We will enforce the same privacy and data protection rules that apply to the Eurosystem, impose our robust IT security and cyber rules, and include strong contractual safeguards such as audit rights and penalties for contract breaches.
• Organisational measures: The digital euro will benefit from the same organisational measures that apply to all our staff, such as security clearances (i.e. background checks) and segregation between business areas. These measures will help prevent issues like conflicts of interest.

What is perhaps even more important than the technical details is that the digital euro is a public project. Why is that important? Public institutions like the ECB have no interest in making money with payment data. We will only have a small amount of data and we would not be allowed to sell your payment information or use it for marketing purposes. Compared with most payment providers today, this is one of the core differences from a privacy perspective.

Data protection compliance

Design is one thing, but it is as important that the rules of data protection are audited and enforced. We plan to establish a data protection compliance and audit framework. An independent group, composed of data protection officers, will assess the implementation of data protection safeguards. The group will be independent from the digital euro operations, IT, risk management and other entities involved in the digital euro.

The independent group will further enhance the transparency and reliability of the digital euro project and comes on top of the already existing assurance by the European Data Protection Supervisor and our internal auditors.² Not only must privacy be done, it must be seen to be done.

Conclusion 

We will protect your payment data using a strong legal framework, technological innovation, and rigorous compliance. Ensuring state-of-the-art privacy and data protection is an essential part of the digital euro project.

The views expressed in each blog entry are those of the author(s) and do not necessarily represent the views of the European Central Bank and the Eurosystem.

Check out The ECB Blog and subscribe for future posts.