Will CBDCs respect your privacy? The answer is complicated


The growth of bitcoin (BTC) and the broader crypto industry has prompted numerous changes in traditional monetary and financial systems, even forcing central banks to act.

They couldn’t ignore trends in monetary and financial technologies and have begun developing their own digital currencies, known as CBDCs (central bank digital currencies), implementing solutions similar to those used by bitcoin, albeit notably lacking in decentralization and privacy. The latter has become the primary concern for both current and potential users of CBDCs and is at the forefront of debates surrounding them.

How will CBDCs differ from the digital fiat currencies currently in use? Why is privacy a concern in this context, and what developments are underway? Let's explore.

Another form of money

In many countries, physical cash has been eclipsed by its digital counterpart, which is held by commercial banks. Meanwhile, CBDCs would represent a third form of state-controlled currency and would be the liability of a central bank. In contrast, electronic cash held by commercial banks constitutes their liability to their clients.

While the majority of central banks are still in the research or development phase of CBDCs, citizens in some countries, such as China, India, Jamaica, Nigeria, and the Bahamas, can already use this new form of currency. How is its adoption progressing? China claims that it’s growing, but the usage of the digital rupee in India has declined in recent months.

Additionally, DCash, the Eastern Caribbean Central Bank-backed digital currency, went offline for several weeks in 2022.

The European Central Bank (ECB) is currently in an advanced research stage regarding the potential launch of the digital euro, while the digital yen is in the pilot phase in Japan. However, it has not yet been decided whether it will be launched at all.

Meanwhile, in the US, the Federal Reserve (Fed), while conducting multiple pilots, recently signaled that they are nowhere near recommending the launch of the digital dollar. In the US, Congressman Tom Emmer recently introduced legislation to ‘halt the efforts of unelected bureaucrats in Washington, DC, from issuing a CBDC that dismantles Americans’ right to financial privacy.’

And all of them, even autocratic regimes such as Russia and China, need to address the same issue – the privacy of CBDC users.

Why is privacy a concern in the first place?

‘Absolute control’

The New York-based Human Rights Foundation, a staunch supporter of bitcoin and its privacy-focused BTC projects, explains that the introduction of a CBDC creates a direct link between citizens and central banks, raising multiple concerns. These concerns include:

As Augustín Carstens, General Manager of the Bank for International Settlements (BIS), an organization representing the interests of central banks, once remarked, “With the CBDC <...> the central bank will have absolute control on the rules and regulations that will determine the use of that expression of central bank liability, and also we will have the technology to enforce that.”

Not a viable option

Since these remarks, central banks have attempted to backtrack, claiming that user privacy is the top priority when designing a CBDC. This isn’t surprising, considering, for instance, a 2020 survey by the ECB, which revealed that 43% of respondents ranked privacy as the most important aspect of the digital euro, way ahead of other aspects.

Additionally, a separate survey by the BIS found that “the willingness to use CBDC increases substantially when it is designed to preserve the privacy of its users by storing their personal identity information and transaction data separately in two different institutions, and when the potential privacy benefits of using CBDC are informed.”

However, as the ECB has noted, “full anonymity is not considered a viable option from a public policy perspective.”

So, what are the actual policies and plans aimed at preserving users’ privacy? To summarize current examples in China, India, Nigeria, or plans in the eurozone and the UK, the same pattern emerges – user privacy is guaranteed until a state institution decides otherwise. In other words, the level of privacy is similar to what we have now when using the services of commercial banks, but this time, there’s still a direct link between your account and a central bank or government.

However, the ECB asserts that all user data collected by intermediaries (commercial banks) during onboarding would remain with the intermediary and not be shared with the Eurosystem, consisting of the ECB and central banks of the eurozone member states.

"The Eurosystem has no interest in people's personal payment data or payment habits. The Eurosystem would not be able to identify individuals based on their transactions," the bank claims, emphasizing that they would only have access to encrypted data necessary to settle digital euro transactions.

Selective privacy

The ECB and other central banks that have either launched CBDCs or are still in the process emphasize that data remains private unless there is a need, such as for law enforcement to prevent or investigate illicit activities.

Another common theme in CBDC projects is a two-tiered payment system. This implies that small payments could be more private than larger ones. The ECB even discussed a "novel new concept" of "anonymity vouchers" – the amount that can be spent anonymously would be limited by the number of vouchers provided by authorities.

Even when discussing privacy-enhancing techniques like rotating public keys and zero-knowledge proofs, the ECB acknowledges that, in the case of these vouchers, anti-money laundering authorities would still know the real identities of the payer and payee whenever transactions without anonymity vouchers were sent for approval.

These policies and plans are also scrutinized by privacy watchdogs.

The European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) have urged to avoid excessive centralization of personal data by the ECB or national central banks. They also called for clarification on the process by which the ECB will verify whether the amount of digital euro held in an account exceeds the limit (according to preliminary plans, it might be capped at around €3,000).

In either case, despite a few ongoing projects, CBDCs are still mostly a work in progress, and it remains unclear what final form they will take and how users' privacy will be protected. The BIS, ECB, Fed, and other national central banks emphasize the need for further work to strike the best balance between privacy and the state's urge to control their citizens.

However, even if all banks agree on the same model, its implementation would also depend on a country's political system. While citizens in more developed, democratic countries may feel more secure, autocratic states and dictatorships are more likely to abuse their powers regarding CBDCs.

Moreover, governments change, and a privacy-respectful government does not guarantee the same from the next one. Therefore, based on existing CBDC examples and development plans, the element of trust in central banks and governments is likely to persist, with hopes that they will not abuse their power or pressure CBDC users directly or through intermediaries.

Meanwhile, while promising privacy for CBDC users, governments worldwide continue their efforts against privacy-focused technologies in the cryptoasset space while also limiting cash usage.


More from Cybernews:

I installed 100 apps and left my iPhone idle: it reached out to Russia

OpenAI, Alphabet, Microsoft, and Nvidia CEOs will collaborate on AI safety efforts

Roku hops on the “video ad on the home screen” trend

Philadelphia Inquirer struck by cyberattack

Tesla brutally fires dedicated employee who slept in his car and showered at work

Subscribe to our newsletter



Leave a Reply

Your email address will not be published. Required fields are markedmarked