Sunday, October 4, 2020

The ECB's digital euro: anonymous or not?

 

The European Central Bank (ECB) recently published a report that explores the idea of introducing a digital euro for use by the general public. This project is known as a central bank digital currency, or CBDC, and many other countries are exploring the same idea. John Kiff has a useful database here showing how far these projects have progressed.

Will the ECB's new euros-for-all be relatively open and anonymous like cash? Or will they require ID and permission like a bank account?

In short, the report says that anonymity may have to be "ruled out." It says that regulations do not allow anonymity in electronic payments, and the ECB must comply with regulations. I quote the passage below:
"While [anonymity] is currently the case for banknotes and coins, regulations do not allow anonymity in electronic payments and the digital euro must in principle comply with such regulations (Requirement 10)."
But I'm pretty sure the report is wrong on this. EU regulations do allow for anonymity in electronic payments. The Fifth EU Anti-Money Laundering Directive (AML5) exempts issuers of e-money/prepaid cards from collecting customer information as long as long as fixed monetary thresholds aren't exceeded. Yes, these exemptions are very small:

Source: Paytechlaw

So if the ECB believes that it must comply with existing regulation for electronic payments then surely a digital euro falls under e-money law, and thus it can have some anonymity. (Jerry Brito has pushed back on the first assumption, asking why a CBDC can't just occupy the same legal framework that has already been created for banknotes.)

By the way, the U.S. and Canada also provide such exemptions. That's why people can walk into a pharmacy and get a $200 Vanilla prepaid debit card without showing any ID and, say, buy food online for delivery. Or to make an anonymous donation.

Putting aside for the moment the ECB's views about payment anonymity, an interesting question is why democracies allow for small amounts of payments anonymity in the first place. 

On Twitter, we talk a lot about the civil liberties case for anonymity i.e. the right to stay anonymous. But that's not why regulatory exemptions to all-pervasive know your customer obligations exist. They exist because of political appeals to financial inclusion. Disadvantaged people often lack ID. To ensure that these people aren't locked out of the digital payment system, electronic money & prepaid card issuers are allowed to avoid collecting information when the amounts held are small.

So let's bring the conversation back to the ECB's report on a digital euro. Yes, the report did wrongly state that it can't legally provide anonymity. And yes, we can chide the ECB from a civil liberties perspective for not wanting to activate a feature for which it has legal right.

But given my earlier point about financial inclusion, a better critique is this:

The EU has chosen to build an anonymity exemption into payments law in order to ensure that all Europeans, including those without ID, can make digital payments. Why is the ECB choosing to avoid exploiting this exemption? In the very same report, after all, the ECB states that the decline in cash could "exacerbate financial exclusion for the 'unbanked' and for vulnerable groups in society, forcing the central bank to intervene." Isn't the ECB contradicting itself by saying that it wants to help the vulnerable while simultaneously refusing to activate a feature—anonymity—that might help reach this demographic?

Central banks such as the ECB are sailing into dicey political territory by choosing to pursue a new retail payment product. Who are they trying to serve, and why? More controversially, who are they choosing to not serve? Anonymity (or its lack) will be one of the most contentious design elements of a potential digital euro. Let's hope the ECB does a better job discussing this particular issue in the future. In this recent attempt it could be construed to be ducking behind non-exist laws rather than directly engaging with a tricky topic.

By the way, I understand why the ECB might not want to provide anonymity. The exemptions that AML5 permits are tiny. Is it even worth if for the ECB to exploit them? And let's face it, anonymity can attract bad actors. Due to their relative anonymity, iTunes and Steam gift cards are being repurposed by IRS and Social Security scammers as a safe way to extort payments from their victims. And ransomware operators have converged on bitcoin as a safe way to extort ransoms.


Balanced against the dangers of anonymity are peoples' very legitimate concerns about civil liberties and financial inclusion. It's a tough issue. I don't envy the ECB. 

No comments:

Post a Comment