The European Central Bank (“ECB”) is preparing for a new era in the financial world with its work on the digital Euro. However, this initiative brings with it a number of important privacy and data protection concerns. As the European Parliament and the Council of the European Union are due to examine in the coming months the proposal for a regulation establishing a digital euro (“Regulation Proposal”), European Commission, sensitive to privacy and data protection concerns, has requested the European Data Protection Board (“EDPB”) and the European Data Protection Supervisor (“EDPS”) to issue a Joint Opinion.
The Joint Opinion states that the main objective is to ensure privacy and data protection in the use of the digital euro. The EDPB and EDPS emphasized that the digital euro will always preserve the flexibility of users to choose their payment preferences between digital euro or cash and that the digital euro will not be “programmable Money”. However, the Joint Opinion also emphasizes that the current Regulation Proposal falls short on a number of important points and that further improvements are needed.
In particular, requirements such as further elaboration of distribution methods, clearer regulation of digital euro unique identifiers in terms of access and data protection, and greater clarity on the processing of personal data are suggested. In addition, it is stated that there should be detailed explanations and regulations on the limits and management of data processing, especially for transactions carried out by payment service providers.
EDPB and EDPS emphasize that the provisions set out in Regulation Proposal on ECB's anti-fraud mechanisms are vague, which could undermine the effectiveness of the mechanism and raise privacy concerns, and that clearer and more precise rules are therefore needed. The digital euro needs stronger protection against IT and cybersecurity risks. There are also shortcomings regarding setting privacy standards for low-value online payments, in this context, it is emphasized that privacy standarts should be set.
In summary, while ECB's work on the digital euro is still ongoing, the Joint Opinion emphasizes the need to take steps to ensure transparency on privacy and data protection, and to protect the rights of users. In the process, ECB needs to remember its obligation to conduct a Data Protection Impact Assessment (“DPIA”), and ensure that design and technological choices are compatible with privacy and data protection obligations.
In this context, it is critical that the work on the digital euro is based on more strong, clear, and precise baasis in terms of privacy and data protection and that the rights of users are protected.
You can access full text of joint oinion via this link.