Arguably, the two biggest challenges for retail central bank digital currencies (CBDCs) are whether the public sees them as useful and concerns about privacy. Despite coverage to the contrary, central banks design most current CBDCs with good intentions. However, with many countries shifting towards more divisive politics, some worry that CBDCs designs could be tweaked. These concerns relate to a central bank or regulator dictating who can use the CBDC or restricting how the money can be spent. Alternatively, there are big brother snooping concerns. A recent paper by staff at the International Monetary Fund offers a thoughtful approach to the topic.
At a high level the report shows a deep appreciation of the issues. But it also delivers a practical how-to framework.
More than once they cite a 20-year-old paper that argues privacy is inherent to the nature of money. That ‘Money is Privacy’ report was in response to the growth of ecommerce, including the use of personal data to charge higher prices to some people. The ‘Money is Privacy’ paper even suggested some might want to use an intermediary in order to anonymize payments in the absence of anonymous money. This was before the invention of Bitcoin.
The IMF authors cite an Edelman Trust Institute study that found respondents trust businesses (63%) more than government institutions (51%). However, the research spanned 28 countries, with people putting greater trust in the government in four jurisdictions.
Apart from the collection of data, privacy risks come from external events, such as data leakages, data abuses, cyberattacks, and cross-border payments data flows.
The proposed framework adopts a three step approach:
- Define data use cases
- Identify risks to privacy
- Implement privacy by design and PETs (privacy enhancing technologies).
Data use cases
Personal data isn’t particularly useful for central banks. However, aggregated transaction data can be used for monetary statistics and to optimize monetary policies.
The report notes that the European Central Bank and the Bank of England have vowed not to access or use personal data for CBDC. Although it said that “other central banks (for example, the Reserve Bank of India) have emphasized the economic value of CBDC data.”
On that point, one of the purposes for collecting private information may be to provide credit scores for those that lack traditional credit histories.
The paper explores how each participant – central banks, payment service providers, merchants and consumers – might desire to access either aggregated data or private information. For consumers, the desire is to control that access.
One question is whether central banks can learn from the BigTech experience, particularly from China’s Alibaba and the associated payments app Alipay. It notes that data collection can help to expand access to credit. At the same time, it says BigTech profit incentives result in the erosion of consumer privacy.
The question is whether there is a similar risk for CBDCs with payment service providers (PSPs). “A nonbank that manages payment data is a central node in the economy that would have incentives to launch additional nonbank services or platforms tied to its central role.”
On the other hand, banks don’t combine data and there are many of them, so with banks involved in CBDC, it’s more likely to resemble the traditional payment system. If non-bank PSPs are involved in distributing a CBDC, it could resemble the BigTech scenario if one of them is dominant. Perhaps that might include a wallet app.
For those interested in the topic, the IMF’s paper is well worth a read.
Meanwhile, in June the ECB published a blog post about making the digital euro private and we analyzed the digital euro progress on that front.