The potential for a retail central bank digital currency to provide more information about users and their transactions, as well as aid in detection, supervision and monitoring, as well as assist law enforcement efforts. This opens up the possibility for the central bank being criticised that CBDCs could be used by other banks and payment service providers who are part of the CBDC eco-system as surveillance tools.
Authorities could theoretically also censor certain users or transactions, which would limit user freedoms. Storing and collecting transaction and personal information could lead to price discrimination and increase cybersecurity risks for CBDC users. If personal information is leaked, it could result in financial losses that may be covered by the central bank or its agents.
This article is part CoinDesk’s Policy Week. John Kiff is a former IMF senior financial sector expert and research director at Sovereign Official Digital Association. He also heads CBDC/digital capital market advisory at Satoshi Capital Advisers, and advisor to WhisperCash. Dr. Jonas Gross, chairman of the Digital Euro Association and chief operating officer at etonec.
These are the reasons why it is important to allow high privacy for CBDC transactions.
What does privacy mean? How private are digital payment rails that exist today?
Privacy is a fundamental civil rights, as e.g., Article 12 of the Constitution. Universal Declaration of Human Rights, United NationsIt is not always easy to apply money, and the privacy levels of different types of money are very different.
Cash is the most private type of money. Cash is the most private form of money. Only the transaction parties can see the details about the transaction. Any payment-related data cannot be viewed by any third party.
The public is already accepting some financial privacy invasions. Digital payment methods such as mobile money, bank account transfers, debit and credit cards and bank accounts transfers, do not offer privacy and are increasing in market share. To open bank accounts, and ultimately to conduct transactions, you need to know your customer (KYC). This confidential KYC information and transaction data are shared with intermediaries such as banks, credit cards companies, etc. that are involved in transactions.
Also see: What is KYC? And Why Is It Important for Crypto?
A recent survey conducted by the European Central Bank (ECB) in the European Union (EU) has revealed that there are a lot of people who don’t like the idea of a central bank. In 2022, the volume digital payments has surpassed the volume cash payments for the first-ever time.. However, The survey It was also found that privacy-oriented payment methods are in high demand due to the fact that cash transactions are kept private.
However, high privacy for payments has one major drawback. Financial institutions have a harder time complying with the requirement to keep transaction data private because it is less public. Financial Action Task Force (FATF). Anti-money laundering, combating terrorist financing, and combating proliferation financing (AML/CFT/CPF standards). Transaction data cannot be shared with third parties, making it difficult – or even impossible – to identify and study the origin of funds.
To answer the privacy and compliance question, how private are CBDC payment? This question is not easy to answer. It all depends on the CBDC design, and the central bank’s goals. Privacy isn’t always black and white. Different jurisdictions may have different privacy requirements for CBDCs.
The European Central Bank (ECB).For example,, there are four possible forms of transaction data privacy for a digital euro. These privacy provisions can be sorted in the following order:
Transparent to the central banking: All transactions and KYC data are visible for the central banks
Transparent for intermediaries: All KYC and transaction data is visible to intermediaries
Privacy threshold: Low-value transactions have a high level of privacy, while transactions with higher values are subject to customer due diligence checks. Large-value transactions can be monitored via digital wallets that include limits. The ECB tested non-transferrable transactions. “anonymity vouchers” These allow users to transfer a restricted amount of CBDC over a specified period and with greater privacy. One key question around a privacy threshold is if the end-users need to trust the central bank for preserving privacy, e.g., in a sense that the central bank guarantees not to look into data for large-volume transactions or monetize data, or if privacy is independent of the central bank, e.g., implemented via privacy-oriented cryptographic techniques, such as zero-knowledge-proofs or blind signatures.
Transparency to third parties is not possible: Intermediaries and the central bank are not privy to transaction amounts and holdings/balances. This can be interpreted as complete anonymity in extreme cases. In cash payments, the identity of the user is unknown and no KYC procedures are performed, except for when onboarding.
Privacy threshold seems to be the best compromise between ensuring privacy of payments and accounting for regulatory requirements in retail CBDC launches. This model is used by countries like China, Nigeria, and the Bahamas for their CBDCs.
Also see: China launches Smart-Contract Function on Digital Yuan through E-Commerce App Meituan
The ECB conducted a however Survey We found that privacy was the most desired feature of a digital euro. “Transparent towards intermediary” framework. This “baseline model”, the design as it stands now, is intended to satisfy AML/CFT requirements, but may conflict with the general public’s desire for high privacy.
New technology approaches are available to balance payment privacy and regulatory compliance.
Adoption is affected by the privacy level of a CBDC. This can impact if people view central bank systems as a replacement for cash or digital forms of payment – which are separate uses. A CBDC with cash-like characteristics could be more popular if users are sensitive to privacy.
There are many technology solutions that can be used by CBDCs, both hardware- and software-based. They allow for high levels of privacy while still complying with regulations such as:
Gross et al. (2021) We have suggested a CBDC system that allows private, cash-like CBDC transactions within certain monetary limits. Transactions above these limits will have the same (or lower) privacy levels as digital payment platforms. Limitations can be set in terms of transaction size and holdings, as well as turnover. Although a unique digital identification is required for the system to work, it isn’t a requirement. Cryptographic zero-knowledge proofs provide high privacy and compliance with limitations.
Chaum and Moer (2022). We have proposed a CBDC system that relies on blind signatures. This allows central banks to issue tokens via payment service providers, without knowing who the owners of specific tokens are. The central bank keeps a record of all coin identifiers so that no one can issue new tokens. However, transactions between wallets cannot be recorded. If users wish to have their tokens traced by law enforcement, they can opt out of the privacy. Launched by the Bank for International Settlements’ Innovation Hub, the Swiss Centre of The Bank for International Settlements (BIS), Project Tourbillon This will be built and tested. eCash 2.0 Platform.
The CBDC hardware solutions, which can be a card or mobile wallet app that stores prepaid values locally, offer the possibility of complete anonymity. Such wallets could conceivably be as anonymous and private as physical cash, although the central bank may require identification to enforce a one-wallet-per-person policy or holding and/or transaction size limits to mitigate financial integrity risk. Giesecke Devrient A card-based CBDC platform that allows unlimited offline transactions has been tested in Ghana.
As noted in This 2021 paperThe question of how much data privacy you want for your CBDC is not technological. Technologically, privacy can be achieved at any level.
Also see: What will 2023 bring for CBDCs in the future?
It’s a policy and political question. Retail CBDC pilots and launches have been disappointing, so it is time to look at privacy-focused CBDC solutions that are more money-friendly. If a CBDC addresses the needs of its users and is trusted by society, it will be a success.