Skip to content
Guidance · EDPB ·042022-on-the-design-choices-for-a-digital-euro EN LLM context A cited markdown file you can paste into your AI assistant (ChatGPT, Claude, a RAG or project knowledge base) to ground it in this document. Contains: this document’s text, its sections with their topics, and the full text of every law provision it applies. Everything links back to its source on overview.legal — legal information, not advice.

Statement 04/2022 on the design choices for a digital euro from the privacy and data protection perspective

Summary

1 Adopted Statement 04/2022 on the design choices for a digital euro from the privacy and data protection perspective Adopted on 10 October 2022 The European Data Protection Board has adopted the following statement: In July 2021, the European C entral B ank (ECB) decided to launch a 24 - month investigation phase for a possible digital euro, aiming at the issuance of the digital euro, if confirmed, two or three years after 1 . Given the possible h igh risks for fundamental rights and freedoms…

How it connects

Full text

1 Adopted Statement 04/2022 on the design choices for a digital euro from the privacy and data protection perspective Adopted on 10 October 2022 The European Data Protection Board has adopted the following statement: In July 2021, the European C entral B ank (ECB) decided to launch a 24 - month investigation phase for a possible digital euro, aiming at the issuance of the digital euro, if confirmed, two or three years after 1 . Given the possible h igh risks for fundamental rights and freedoms that the deployment of such project could entail for European citizen, the EDPB issued a letter 2 recalling the principle of privacy and data protection by design and by default and offering its advice on the subject matter during the investigation phase. Following the positive response of the ECB, the EDPB started expert meetings with the Data Protection Officer and the Digital Euro operational team, which were very useful for a better understanding of the project . These exchanges enabl ed the EDPB to give regular feedback to the ECB operational team as regards the policy implications of the project in terms of privacy and data protection. In February 2022, the European Commission (‘the Commission’) announced its intention to table a draft EU legislative instrument supporting the introduction of the digital euro in EU law in 2023 3 . Lastly, the Eurogroup held several thematic discussions in 2021 and 2022 in order to follow up the ma in policy aspects of the project, including privacy and data protection aspects. As the ECB Governing Council recently took steps on a first subset of design choices of the investigation phase, notably concerning online/offline availability of the digital euro , data privacy level and transfer mechanisms, the EDPB wants to recall in writing the guidance delivered and the position expressed during the last year. 1 See for more FAQs on the digital euro (europa.eu) , question 8 2 https://edpb.europa.eu/system/files/2021 - 07/edpb_letter_out_2021_0111 - digitaleuro - toecb_en_1.pdf 3 European Commission State of the Union letter of intent https://state - of - the - union.ec.europa.eu/system/files/2022 - 09/SOTEU_2022_Letter_of_Intent_EN_0.pdf 2 Adopted Privacy and d ata protection by design and by default As a preliminary comment, the EDPB recalls 1 that a very high standard of privacy and data protection , in line with the public expectations expressed by citizens, is crucial to ensure the trust of Europeans in the future digital euro, representing a key factor of success of the project. As compared t o the physical cash and its beneficial properties for privacy and liberties, it is certain that the distinctive value proposal for a digital euro in an already highly competitive and efficient payment landscape would be its high level of privacy, which is the task of the public sector to provide and would be a decisive trigger in its adoption by EU citizens. For this reason , a digital euro sh ould be designed as close as possible to physical cash . The EDPB recommends that, in order to fulfil the principles of privacy and data protection by design and by default in compliance with applicable privacy and data protection provisions , the investigation phase should explore different technological solutions, already available or otherwise scalable in a reasonable timeframe, to allow a comparison between different design choices having regard to privacy and data protection. In this regard, t he design choices adopted by the ECB should be based on a documented impact assessment of all risks concerned s till privileging innovative, privacy enhancing technologies ( such as e - cash, Zero Knowledge Proof) . At this stage of the investigation phase, design options on privacy and data protection have been endorsed by the ECB Governing C ouncil, based on the natur e of the validation of transactions and the type of use (online or offline ) of the digital euro, as reflected by the documents presented by the ECB to the stakeholder consultation 4 which were confirmed by the ECB report on progress on the investigation pha se of a digital euro , published recently 5 . Avoid systematic transaction validation and tracing T he EDPB notes that the “ baseline scenario ” chosen by the ECB would be to develop a form of digital euro available online and with transactions validated by a third party 5 . Such design choice would entail full transparency of certain personal data (including transaction data ) to the third party for AML/CFT purposes. The introduction of an offline modality, with private transactions and holdings for proximi ty payments of lower value, and of a “selective privacy” 5 approach for the online modality, where only large value transactions are subject to AML /CFT checks, are described as “beyond the baseline” and needing further investigation. In order to meet the po licy objectives enshrined in A rticles 7 and 8 of the European Charter of Fundamental rights and the high privacy standard that only the public sector can offer, it might not always be appropriate to foresee a validation of transactions by a third party. Th e regulatory checks, if needed, as a rule should be run ex post and on a targeted basis, in the presence of a specific AML/CFT 4 https://www.ecb.europa.eu/paym/digital_euro/investigation/governance/shared/files/ecb .degov220504_fou nddesignoptions.en.pdf?6350327ade6044017df4df0a8812b7dc 5 https://www.ecb.europa.eu/paym/digital_euro/investigatio n/profuse/shared/files/dedocs/ecb.dedocs22092 9.en.pdf ; pages 5 to 8 . 3 Adopted risk . A validation of all (each and every) transactions in digital euros might not be in line with the data protection principles of necessity and proportionality, as interpreted by CJEU case law 6 . A privacy threshold, both offline and online Against this background, the EDPB suggests to introduce in the baseline scenario , both for offline and online modalities, a “privacy threshold ” expressed as a value of transaction under which no tracing of the transactions may occur, thus providing trust to citizens on the privacy of day - to - day payments in digital euros and reflecting it s low risk nature in terms of AML/CFT. This absence of trac ing means, that the low value transactions are not subject to checks and are not recorded in the accounts of the intermediary . Furthermore , the EDPB recommends the digital euro to be modelled as closely as possible to a peer - to - peer modality , available both offline and online , as opposed to an account - based model . If an account were necessary for the functioning of the digital euro, the EDPB would recommend to explore if and how its functioning could reduce the interconnection s with bank or electronic mo ney account s to the time when users deposit from or refill their digital euro wallet, as it is the case currently with the ATMs 7 . Need for a specific regulatory framework Further , the EDPB recommends developing a specific legal framework for the digital e uro, which should specifically address data protection and AML /CFT aspects, along with the development of other legal issues. Indeed, the current legal framework on electronic payments 8 does not seem to be appropriate for a tool like the digital euro, whi ch has grounding different characteristics from other means of electronic payments existing nowadays in terms of policy objectives and level of trust necessary to meet the expectations of the public. The EDPB recommends t hat this specific legal framework s hould be part of the “baseline scenario” envisaged by the EU institutions . The EDPB thus welcomes the Commission intention to propose such a legal framework in 2023. It stands ready to provide relevant guidance to the Commission and the co - legislators thereafter, to ensure that the right balance is reached between data protection and other objectives , such as AML/CFT , taking into account all relevant objectives of the introduction of the digital euro. This guidance could be based on the present statemen t, informal meetings as necessary and a joint EDPB/EDPS opinion on the Commissions’ draft legislative instrument. As regards the proper prior assessment of risks for rights and freedoms of data subjects, the EDPB recalls that a data protection impact asses sment will be necessary in compliance with the current data protection regulations. The EDPB also recommends that privacy and AML/CFT risk assessments shall 6 See in particular: La Quadrature du Net and Others (Case C - 511/18 , judgment delivered on 6 Oct ober 2020 ), ECLI:EU:C:2020:791 ; Tele2 Sverige AB ( Case C - 203/15, judgment delivered on 21 D ecember 2016), ECLI:EU:C:2016:970 ; Ministerio Fiscal (Case C - 207/16, judgment delivered on 2 October 2018), ECLI:EU:C:2018:788 . 7 Automated T eller Machines or banking machines used for cash withdrawals. 8 Directive 2009/110/EC of the European Parliament an d of the Council of 16 September 2009 on the taking up, pursuit and prudential supervision of the business of electronic money institutions and Directive (EU) 2015/2366 of the European Parliament and of the Council of November 2015 on payment services in t he internal market 4 Adopted be run together in order to comprehensively assess and mitigate both risks, which are somehow mutua lly related , before proposing specific design options. Encourage public democratic debate Finally, the EDPB calls on to the ECB and the Commission to enhance public debate on the protection of personal data in digital payments. In the opinion of the EDPB , the ECB and the C ommission could reap the benefits from additional external input from civil society and academia on how , in practice, the digital euro project could meet the highest privacy and data protection standards . The EDPB welcomes the fruitful exchanges held so far with the ECB digital euro operational team and is prepared to provide further advice to the ECB as the exploratory phase continues, reviewing and deepening the design options envisaged, as a key contribution to the success of a digita l euro project respecting the fundamental data protection rights of i ndividuals . As regards the implementation of the e - commerce use case of the prototyping 9 , the EDPB recommends to make sure that the proposal will be fully in line with the Schrems II ruli ng and other applicable data protection rules. For the European Data Protection Board The Chair (Andrea Jelinek) 9 https://www.ecb.europa.eu/paym/intro/news/html/ecb.mipnews220916.en.html

Similar Content