Central Bank Digital Currencies (CBDCs)

Introduction

A central bank digital currency (CBDC) is money that a country’s central bank can issue in digital (or electronic) form, rather than as physical money, such as cash and coins. For example, in the United Kingdom this digital money (a “digital pound”) will be issued by the Bank of England. It will hold the same value as physical money and can be used in similar ways to money stored in a bank account and used for everyday payments.

Governments and central banks around the world are exploring how CBDCs can be introduced into existing monetary systems to allow for changes in a payments landscape where physical money is used less frequently. To promote confidence in their development and use, it is important that data protection is built into the development process of CBDCs from the outset. This chapter examines some of the emerging data protection considerations associated with the technology, internationally and in the UK.

About CBDCs

Although the concept of an electronic payment system backed by a central authority is common to CBDCs, there are different types of CBDC, underpinned by different deployments and technologies.

CBDCs are commonly described as “wholesale” and “retail”. Wholesale CBDCs are not new and are granted by the central bank to financial institutions to settle, for example, high-value interbank transfers. Retail CBDCs are digital money issued by central banks for use by private sector businesses and individuals to make daily payments.

Retail CBDCs are backed as an electronic form of a country’s currency by central banks. In this way, they differ from cryptocurrencies issued by private sector organizations. Cryptocurrencies are usually decentralized by nature. In contrast, CBDCs have a centralized governance and decision-making architecture, managed by central banks and governments. Furthermore, CBDCs are not necessarily based on distributed ledger technologies (DLTs) and are more stable and likely to retain value over time.

State of Development – CBDCs Around the World

To date, approximately 130 national governments (representing approximately 95% of the world’s GDP and including the entire G7) have initiated look at the application of CBDCs. More than 15 national schemes are at a pilot or later stage, including in France, Canada, India, Singapore and China. The implementation of a “digital Euro” has entered a preparatory phase, with the European Central Bank (ECB) currently working with European national central banks on the subject.

Globally, there are different models and deployments of CBDCs being advanced. Arguments in favor of their adoption include:

That CBDCs are more inclusive and will help the unbanked to engage in financial transactions more effectively and safely.
CBDCs have been proposed to improve the process of cross-border payments, particularly where those payments involve exchanges between two respective domestic CBDCs.
The greater ease of providing payments from governments to people was cited. Practical implementation could include making rapid stimulus payments during financial or other crises, which is being considered by some countries (although not in the UK).

State of development – ​​a CBDC in the United Kingdom

HM Treasury and the Bank of England assessed the case for retail CBDCs in response to the changing ways people and businesses use money in the UK. The following are potential benefits driving interest in developing a digital pound.

The introduction of a digital pound could act as an anchor for the wider monetary system by promoting trust and confidence in money and payments.
A digital pound could provide a platform for financial innovation in the private sector. Central banks can support new organizations offering CBDC-based financial products and services in the same way they support retail banks.
A digital pound backed by the Bank of England would reduce the risks of other forms of electronic money being locked in a “walled garden” by a single provider, where users cannot transfer that money elsewhere.

CBDC Policy Development in the United Kingdom

Data protection and privacy implications

The concept of providing digital money by central banks and governments has led to understandable questions about privacy, data protection and control of payment flows. This section discusses some of the general data protection and privacy considerations related to CBDCs.

As is the case with how people use money today, supply a high standard of data protection is critical to building and maintaining public trust and engagement in CBDCs. If the public loses confidence in the security and confidentiality of their personal information in money systems, trust can be undermined.

As a general principle, those developing CBDCs should consider whether personal information may be processed within the deployment of these systems and ensure that users can exercise their data protection rights, if such processing is unavoidable. They must identify controllers and processors, so that they are clear about their obligations and ensure that systems remain fair and transparent, and to ensure that users trust those systems.

Access to information: as may occur in current digital payment systems, the information collected and processed for CBDCs to function may be made available to a range of intermediaries (e.g. potential CBDC digital wallet providers, which is one mechanism through which CBDCs may be issued) . Existing digital payment systems operate under established mechanisms to limit the information available to parties, even if a confirmation of identity is required. An example of this is the confirmation of beneficiary scheme which establishes that a beneficiary’s identity is correct without the need to share the same identity. The development of CBDCs may consider similar mechanisms to minimize the amount of personal information processed and to promote privacy.
Processing for law enforcement or anti-money laundering requirements: for fraud and money laundering to be identified, or for law enforcement organizations to track illegal payments and the proceeds of crime, relevant transaction information must be monitored and analyzed. As in the case of existing bank accounts, consideration of how access to transaction information is provided for these purposes without affecting the privacy of third parties is also an important technical consideration.
Risk of re-identification: although the information about people’s CBDC use can be pseudonymized or encrypted, central banks will need to ensure that the information they process is not combined with other sources in a way that could lead to re-identification of users. Otherwise, there is a risk that sensitive information about a person and their spending habits could be revealed.

Immutability of records: no decision has been made on the use of DLTs in a possible digital pound. But in CBDCs that do involve the use of distributed ledger technology, trust in the system is supported by its permanent, immutable nature. This has implications for users’ data protection rights around accuracy and rectification, as well as erasure, as discussed in the decentralized finance chapter of last year’s Tech horizon’s report. If information needs to be corrected or removed to comply with these rights, this will consequently affect trust in the chain and the provenance of the information held on it. Without a mechanism in place to resolve this, the tension between the rights of users and trust in the chain can also have secondary effects, as users feel less able to raise concerns and exercise their rights.

Sharing information across borders: Where cross-border payments are made by users today, transaction information may become available to actors in other jurisdictions that may have different data protection regimes. This is also the case where the payments are made between two different CBDCs, as information about a person’s user transactions can now be present in two different CBDC systems. If personal information is transferred internationally, international transfer requirements will need to be met.

Recommendations and next steps

The ICO has and will continue to work with HM Treasury and the Bank of England on how data protection and privacy can best be preserved in a possible digital pound. We welcome the emphasis placed on data protection, and its recognition of the opportunities to preserve privacy and support user control of personal data when using digital money.

As the Bank of England and HM Treasury continue to explore the concept and design of a CBDC – and their legislative obligations to guarantee user privacy – we will continue to engage and provide a data protection perspective to this process.
Where organizations introduce new or novel processing of personal information that is likely to result in a high risk to people, a data protection impact assessment (DPIA) is required. This is also true when undertaking large new projects that require the processing of personal information. Even if there is no specific indication of likely high risk, it is good practice to complete a DPIA for any major new project involving the use of personal data. In designing and developing a potential digital pound, the Bank of England and HM Treasury should consider whether a DPIA is needed.
Data protection legislation will help ensure that CBDCs and related applications are developed in a way that respects people’s rights and promotes trust in this technology. Taking a data protection by design and default approach when developing the CBDC regulatory framework and technological infrastructure is key to achieving this outcome.