The European Union published its proposal for a digital euro late last month, which will be issued by the European Central Bank (ECB) if it goes ahead. There's plenty to digest in the 62-page document, but the one area I want to focus on in this post is privacy.
Digital euros will be permitted to have cash-levels of privacy, says the EU, although only for a certain type of transaction: offline transactions.
An offline transaction is one that doesn't require the internet or any sort of connection to an ECB database. The buyer and seller each carry a local storage device where digital euros are recorded, say a "euro card" with a chip on it, and these devices can talk to each other when in close proximity, the transaction getting settled directly between the two devices. If the electricity is down, no problem. The payment will still go through.
By contrast, for online transactions there will be an ECB database in some Belgian or French data centre where individual balances are recorded. When a buyer and seller transact, the payment request is communicated over the wires to this database and respective balances are updated, much like a debit or credit card payment.
An online transaction can be made anywhere, assuming that the internet isn't down. A person in Holland can use it to buy shoes from a German website, for instance. But these transactions won't be private.
The privacy levels of offline transactions, however, will be comparable to "the use of cash," says the ECB. If you pay me 200 euros using the offline format, the ECB and third party payments services providers will "not gain access to personal transaction data." The catch is that because our local storage devices must sync up, offline transaction can only be made face-to-face, sort of like cash. So no Holland-to-Germany payments.
Who are these payments services providers, and how do they figure into the equation? If you want to get physical cash, one way to do so is to withdraw it from a bank ATM. In that same vein, to get digital euros you can't get them from the ECB, but will have to withdraw them from a payments services provider with whom you have a relationship. That provider may be a commercial bank, but it could even be the post office.
These payments services providers will also be in charge of registering the storage devices that allow for offline payments. The idea behind registration is to prevent people from having multiple storage devices, and thus evading what will surely be personal holding limits on private offline euros.
The proposal doesn't mention what the limits would be. Will there be, for instance, a maximum of 1000 in offline euros allowed on one's Euro Card at any point in time, and perhaps a monthly spending limit of 5000 euros? Lower? Higher?
My thoughts:
It's great to see the EU champion the cause of financial privacy. In consultations with citizens, privacy was considered the most important feature of a digital euro, so the EU is responding to their needs by ensuring that the ECB's role as a financial privacy provider, historically confined to paper money, continues in the digital era.
Privacy is important, but limiting the size of this anonymous financial space is also prudent, in my opinion, in order to reduce the scope for harmful activities, particularly fraud. Maximum offline balances and transaction sizes will be a key part of this delimiting effort.
But ceilings should not be set too low, since that will make for unusable privacy. The proposal doesn't mention specific numbers for ceilings, but going forward they will be the a key line of contention, with law enforcement no doubt lobbying for the lowest possible allowance for offline euros, and thus a mostly unusable product, and citizens groups pushing for higher limits and usability.
In additional to limits on balances, the EU's proposal uses personal proximity as the way to set out the boundaries to transactional privacy. That is, in an attempt to limit the availability of privacy, and thus its potential danger, it will confine the option to in-person scenarios.
Unfortunately, if only face-to-face transactions can ever be private, then the EU is saying that it is comfortable with a large percentage of Europeans' financial lives being permanently non-private. Having already opened the door to private offline transactions, the EU has tacitly
accepted the ECB's responsibility as privacy-provider to the people. Shouldn't its
responsibilities extend further than that? In addition of allowing for in-person private payments, why not allow Europeans to make small amounts of private online transactions, too? This category of transactions will only get proportionately larger over
time as people increasingly hunker down into their internet lifestyles.
Lastly, is the EU's commitment to offline privacy one that can be trusted? Will there be back doors? Even if there are in fact no back doors, and offline digital euro transaction are truly 100% private, in our post-Snowdon era how can users even be sure of this? The proposal gives no hints at how and why Europeans can build trust in the EU's privacy claims.
"Privacy is important, but limiting the size of this anonymous financial space is also prudent, in my opinion, in order to reduce the scope for harmful activities, particularly fraud. Maximum offline balances and transaction sizes will be a key part of this delimiting effort."
ReplyDeleteA lot of activities and users benefit from privacy. Political activism. Romantic affairs. Or, for anyone who wouldn't like to have his data influence a present or future (social?) credit score.
With such a line of arguing, you're empowering governments and big companies with ideological tools to reduce privacy to the bare acceptable, and then reduce it year after year.
I don't understand why the western world is so antagonist toward authoritarian regimes like China or Russia, while yearning very hard to become like them. Your article is a good example of this tendency.
Agreed, a lot of licit activities benefit from privacy. That's exactly why something like a an offline euro is required; to prove a privacy-preserving venue for making payments.
DeleteBut illicit activities also benefit from privacy, in particular fraud. Placing some sort of limits, say by setting a maximum transaction size, is a way to give room for licit private activity to bloom while preventing (or at least reducing) large-scale illegal activity.
The issue as I see it is how & where to set the limits to maximize the one while minimizing the other.
"The proposal doesn't mention what the limits would be. Will there be, for instance, a maximum of 1000 in offline euros allowed on one's Euro Card at any point in time"
ReplyDelete"Having already opened the door to private offline transactions, the EU has tacitly accepted the ECB's responsibility as privacy-provider to the people"
The situation is actually even weirder: the ECB will be setting limits for *on*line digital euro, whereas the European Commission will be responsible for *off*line holding limits. Apparently the ECB believes that it is the role of the politicians/bureaucrats, not central bankers, to make decisions on privacy, AML/CTF, etc. determinations for cash-like instruments. Bizarre.
But it's true limits are not set in advance in the legislative proposal. It's not even clear if they'll be fixed or dynamic and depending on the macroeconomic environment. The often-floated number is €3000, basically pulled out of thin air and based on pretty shoddy research.
Any limits on online holdings are probably due to concerns about potential runs out of private deposits into CBDC, so I can understand why they'd want to task the setting of those limits to the ECB, which presumably has the best insights into financial stability.
Delete