EU Council discusses Digital Euro
And how much privacy should it be?

Member states are negotiating rules for the planned digital currency, in particular exemptions from surveillance for offline transactions. A planned “single access point” is a cause for concern, but additional privacy rules are also on the table. We publish working documents from recent months.

The EU is working on a Digital Euro. It’s intended as a public, data-minimising alternative to current payment services – both online and in the corner shop. The European Central Bank (ECB) is currently preparing the practical implementation, while the EU institutions are working on the required law. All of this does not yet decide whether there will actually be a Digital Euro – the final decision is up to the ECB – but it will set the framework for the new digital currency.

The Commission published its proposal for the law a year ago. Since then, the member states in the EU Council and the Parliament have been drafting their proposals. As soon as all three are done, they will have to agree on a common text in the final trilogue.

A central, controversial topic in the Council discussions is privacy. This is clear in working documents which we have received through a freedom of information request. Many member states seem to realise that a high level of privacy is decisive for whether the Digital Euro will be successful.

A lot of support – to a point

For example, a document from October 2023 (PDF) contains the member states’ proposed amendments for the privacy chapter of the proposed law. According to the document, Austria, Germany, the Netherlands, and France were explicitly in favour of privacy protections for users.

“Indeed, confidence in money depends on respect for privacy and proper management of user data,” argues the representative of France. Germany, too, thinks that privacy “is key to the public’s trust in the project.”

Still, these states think it’s necessary to collect data for specific purposes and, if necessary, to hand it over to criminal authorities. These include combatting fraud, money laundering, terrorism, and tax evasion. Whoever offers a Digital Euro account will have to follow certain requirements in those areas, the member states agree.

However, the currently planned rules for the Digital Euro exceed those for bank transfers. A separate proposal by the Commission for transactions in the common market will oblige payment service providers to systematically monitor transactions for indications of fraud. For this, they are supposed to check existing transaction data, for example prior behavior of users, and then delete it.

In the case of the Digital Euro, the Commission proposal wants the ECB and service providers to monitor transactions in real time. The Netherlands is critical: “How does the added benefit of real-time monitoring compare to the operational costs and privacy considerations?”

Anonymous offline transactions

Offline transactions using the Digital Euro are set to be excluded from monitoring. Service providers are only supposed to save data on how users pay money into and out of offline wallets. This data is limited to the amount of money paid in or out, the time of the payment, the identifier for the device, and the account number.

Additionally, the Commission wants to be able to set a limit on offline transactions, if necessary. What the Digital Euro will definitely have is a holding limit, which means there will also be a limit on how much of it a user can hold offline. Limits between 500 and 3,000 euros are currently being discussed.

With these rules, the Commission consciously stuck close to the rules for cash. Cash transfers are not monitored either, while payments in and out of bank accounts are. The offline version of the Digital Euro is supposed to be close to cash, so the Commission wants to introduce similar rules.

Not all member states on board

But these exemptions are too much for some member states. “Currently, private cash transactions are the basis for the so-called shadow economy, and due to their untraceable nature, they are often used by criminals to hide the sources of funds and (or) fund movement,” writes Lithuania. Without data on offline Digital Euro transactions, this could mean extending the problem of non-traceability to the Digital Euro. Because of this, the country wants to eliminate the exemptions for offline transactions.

Portugal, too, sees offline transactions as a risk factor for money laundering and wants an extensive impact assessment from the Commission. Even better, in its eyes, would be to completely drop the exemptions. Italy calls for “a bespoke framework.”

It seems that the member states did not find a common position under the Spanish presidency in the second half of 2023. According to a document from December 2023 (PDF), a few member states agreed with the Commission’s proposal, while others want to collect more data.

France wants to expand exemptions

Already at that time, there was another proposal on the table that went in a different direction: a few member states were calling for more exemptions from transaction surveillance. They don’t want exemptions based on whether a transaction is online or offline, but on the distance that the money travels. A face-to-face transaction should be excluded from monitoring, as is the case with cash, while transactions on the internet should still be monitored.

In May, France drafted a so-called “non-paper” expanding on this proposal (PDF). The text is based on the recommendations that European data protection officials made for the Digital Euro. They wanted small transactions to be excluded from monitoring.

Central to the French argument is the point that users don’t care about the distinction between online and offline payments. They care about the situation in which they pay for a product, for example in a store or on the internet.

An open question is how the Digital Euro should distinguish between payments in proximity and over a larger distance. France proposes to use data on which kind of payment is being used. If a cash register in a store makes a payment request, this should count as a proximity payment. If it’s an e-commerce interface in a web shop, it should not.

Why do we need a single access point?

Besides offline transactions, member states also discussed another point: The “single access point” at the ECB. According to the Commission, this is needed so that users can switch their accounts between different service providers. The proposal leaves it to the ECB to open such an access point, which is then supposed to store identifiers of users in a single place.

“State-of-the-art” data protection mechanisms are supposed to prevent unauthorised third parties from identifying users through this access point. Ireland, somewhat irritated, points out that the law doesn’t contain a definition for what that means. The Irish want to talk about “high standards of security and privacy-preserving measures” instead.

Germany is skeptical about the single access point in general. “A single access point with all user identifiers could be a significant risk to privacy,” says one of its remarks, which asks for further explanation of who will have access to this data and why central storage is necessary in the first place.

More rules for central banks

Following Spain, Belgium took over the Council Presidency in the first half of this year. During that time, the member states discussed privacy on May 30. A Belgian document (PDF) summarises the open questions discussed at the meeting and presents ideas on how ECB and national central banks could protect users’ data better.

For example, Belgium proposes obliging the central banks to design the Digital Euro so that they can’t directly identify users. For this, the law could explicitly include encryption, data minimisation as well as limitations on re-use.

The document also proposes an explicit prohibition on central banks identifying users. Organisational measures in central banks could prevent information sharing between teams working on the Digital Euro and other areas. Beyond that, specific rules and control mechanisms could be introduced to check whether central banks are upholding the privacy rules of the Digital Euro.

This article is part of a series on the Digital Euro. The Centre Responsible Digitality financially supported the research for it through its Journalist in Residency program.

1 comment

  1. “Still, these states think it’s necessary to collect data for specific purposes and, if necessary, to hand it over to criminal authorities. These include combatting fraud, money laundering, terrorism, and tax evasion. Whoever offers a Digital Euro account will have to follow certain requirements in those areas, the member states agree.”

    This is exactly the guarantee GNU Taler provides.
    It prevents tax evasion and fraud by design. And this happens while protecting the privacy of the customer. I hope they realize this and make GNU Taler a reality.