Original Source: Global Government Fintech
The European Central Bank (ECB) has invited external experts to participate in a short series of technical deliberations on data privacy-related challenges involved in designing a digital euro.
Talks are set to focus on the ‘large-scale application of privacy-enhancing technologies in settlement of retail payments’, according to a short ECB online notice.
Data privacy is a challenge for central bank digital currency (CBDC) designers worldwide and ranked as top priority in an ECB public consultation on the digital euro whose results were published in January 2021.
The invite for experts to apply to inform its thinking represents the latest move by the Frankfurt-based authority – which kicked off its ‘investigation phase’ into a potential eurozone CBDC last autumn – to involve external perspectives.
Just over two months ago the ECB published a call for expressions of interest for digital euro ‘front-end prototyping’ as part of explorations of ‘interface solutions’ for making payments with a potential eurozone CBDC. This came just a few weeks after the ECB launched a tender process for digital euro-related design and business model consultancy.
The talks on privacy-enhancing technologies – technologies that embody fundamental data protection principles – are scheduled to take place by virtual means from 25-29 July (depending on participants’ availabilities). ‘Closed’ sessions will involve members of the ECB’s digital euro project team and are likely to feature about six external experts each time.
Questions being asked
The Eurosystem (the ECB and the central banks of the 19 European Union member states that use the euro) had already started to explore privacy-enhancing techniques in CBDCs before preliminary work on a digital euro began. In one more recent specific project the ECB worked alongside the Bank of Japan a couple of years ago to analyse a range of techniques aimed at balancing the confidentiality and auditability of payments in a distributed-ledger environment (this was known as ‘Project Stella’).
Questions set to be explored during the forthcoming expert discussions include: how the payment asset issuer can exert control over settlement rules and maintain adequate, tamper-proof evidence of the amounts in circulation while also minimising the accessibility of sensitive information (with sensitive information defined as ‘any information that allows the operator of a ledger to link transaction data to an individual user’); and considerations related to ‘back-end’ IT architecture.
Speaking to members of the European Parliament (EP) about a potential eurozone CBDC’s design on 30 March ECB executive board member Fabio Panetta said that “in a baseline scenario, a digital euro would provide people with a level of privacy equal to or higher than that of private digital solutions”. He told the EP’s economic and monetary affairs committee that “full anonymity is not a viable option from a public policy perspective”, saying that this would “raise concerns about the digital euro potentially being used for illicit purposes” as well as “mak[ing] it virtually impossible to limit the use of the digital euro as a form of investment – but this limitation is essential from a financial stability perspective.”
In an appearance before the committee in April last year Panetta referred to ‘privacy-enhancing techniques’, going on to say that “the identity of [digital euro] users could be kept separate from payment data, allowing only financial intelligence units to obtain this information and identify the payer and payee when suspicious activity is detected.” He added: “Our preliminary experimentation on a digital euro is showing promising results on how technology can be used to protect user privacy without relaxing standards against illicit activities.”
Countdown to October 2023
The digital euro investigation phase is expected to run until October 2023. A decision to launch a digital euro, or not, would follow.
In terms of the ECB’s in-house CBDC team, Evelien Witlox took up the newly created role of digital euro programme manager in January.
Externally the ECB is also being informed on CBDC by a ‘Market Advisory Group’ (MAG), which comprises 30 private-sector retail payments specialists. The MAG, whose members are drawn mainly from major European banks but also include retail-sector professionals, is meeting at least quarterly. Representatives from Eurosystem national central banks, as well as the Commission, are also participating.
Data privacy was among the 13 public policy principles for the implementation of retail CBDCs published during the UK’s presidency of the Group of Seven (G7) nations last year. ‘Rigorous standards of privacy, accountability for the protection of users’ data, and transparency on how information will be secured and used is essential for any CBDC to command trust and confidence,’ the ‘Public Policy Principles for Retail CBDCs’ document stated.
Examples of public agency reports on privacy-enhancing technologies (‘PETs’) include a ‘Readiness Analysis for the Adoption and Evolution of Privacy Enhancing Technologies’ by ENISA (the EU Agency for Cybersecurity) in 2016. The UK’s Centre for Data Ethics & Innovation offers a ‘PETs Adoption Guide’.
