The ICO exists to empower you through information.

Introduction

A central bank digital currency (CBDC) is money that a country’s central bank can issue in digital (or electronic) form, rather than as physical money, such as cash and coins. For example, in the UK this digital money (a “digital pound”) would be issued by the Bank of England. It would hold the same value as physical money and could be used in similar ways as money stored in a bank account and be used for everyday payments.  

Governments and central banks around the world are investigating how CBDCs can be introduced into existing monetary systems, to cater for changes in a payments landscape where physical money is used less often. In order to promote trust in their development and use, it is important that data protection is built into the development process of CBDCs from the outset. This chapter explores some of the emerging data protection considerations associated with the technology, internationally and in the UK.

About CBDCs

Whilst the concept of an electronic payment system backed by a central authority is common to CBDCs, there are different types of CBDC, underpinned by different deployments and technologies.  

CBDCs are commonly described as “wholesale” and “retail”. Wholesale CBDCs are not new and are granted by the central bank to financial institutions to, for example, settle high-value inter-bank transfers. Retail CBDCs are digital money issued by central banks for use by private sector businesses and individuals to make everyday payments.

Retail CBDCs are backed as an electronic form of a nation’s currency by central banks. In this way they are different to cryptocurrencies which are issued by private sector organisations. Cryptocurrencies are usually by nature decentralised. In contrast CBDCs have a centralised governance and decision-making architecture, managed by central banks and governments. Further, CBDCs are not necessarily based on distributed ledger technologies (DLTs) and are more stable and likely to retain value over time.

State of development – CBDCs around the world

To date, approximately 130 national governments (representing approximately 95% of world GDP and including all of the G7) have begun looking into the application of CBDCs. More than 15 national schemes are in a pilot or later stage, including in France, Canada, India, Singapore, and China. The implementation of a “digital Euro” has entered a preparation stage, with the European Central Bank (ECB) currently working with European national central banks on the topic. 

Globally there are different models and deployments of CBDCs being progressed. Arguments in favour of their adoption include: 

  • That CBDCs are more inclusive and will help the unbanked engage in financial transactions more effectively and safely.
  • CBDCs have been suggested to improve the process of cross-border payments, especially where those payments involve exchanges between two respective domestic CBDCs. 
  • The increased ease of providing payments from governments to people has been cited. Practical implementations might include making rapid stimulus payments during financial or other crises,  which is being considered by some countries (though not in the UK).

State of development – a CBDC in the UK

HM Treasury and the Bank of England have been assessing the case for retail CBDCs, in response to the changing ways people and businesses use money in the UK. The following are potential benefits which are driving interest in the development of a digital pound.

  • The introduction of a digital pound could act as an anchor for the wider monetary system by promoting trust and confidence in money and payments. 
  • A digital pound could provide a platform for private-sector financial innovation. Central banks could support new organisations offering CBDC-based financial products and services, in the same way that they support retail banks.
  • A digital pound backed by the Bank of England would mitigate the risks of forms of other kinds of electronic money which are locked into a “walled garden” by a single provider, where users cannot transfer that money elsewhere.

CBDC policy development in the UK

The February 2023 consultation on a Central Bank Digital Currency released by the Bank of England and HM Treasury concludes that it is likely that a digital pound would be needed in the UK in future, however no decision has yet been made to launch one. 

Exploration of how a digital pound might be designed is ongoing, however the Bank of England’s 2023 digital pound technology working paper discussed a possible model built around a secure centralised core ledger with access provided to third-party Payment Interface Providers, through which users engage with CBDC payments and services. 

In January 2024 HM Treasury and the Bank of England published a response to their 2023 consultation. This response states that while it is too early to decide whether to introduce a digital pound, further preparatory work will be carried out.

The response also sets out that privacy would be a core design feature of any future digital pound. It confirms that legislation would be introduced to Parliament, guaranteeing that neither the government nor the Bank of England would be able to access users’ personal data, and that further technological options would be explored to prevent the Bank of England accessing any personal data through the CBDC’s core infrastructure. The digital pound would be at least as privacy-preserving as current forms of digital money, such as money stored in a commercial bank account.

Data protection and privacy implications

The concept of the provision of digital money by central banks and governments has led to understandable questions about privacy, data protection and control of payment flows. This section discusses some of the general data protection and privacy considerations associated with CBDCs. 

As is the case with how people use money today, providing a high standard of data protection is critical to building and maintaining public trust and engagement with CBDCs. If the public loses confidence in the security and confidentiality of their personal information in monetary systems, trust could be undermined.  

As a general principle, those developing CBDCs need to consider if personal information might be processed within the deployment of these systems and ensure users can exercise their data protection rights, if such processing is unavoidable. They need to identify controllers and processors, so they are clear about their obligations and ensure that systems remain fair and transparent, and to ensure users trust in those systems.

  • Access to information: as can occur in current digital payments systems, the information collected and processed for CBDCs to operate may be made available to a range of intermediaries (eg possible CBDC digital wallet providers, which is one mechanism through which CBDCs might be dispensed). Existing digital payment systems operate under established mechanisms to limit the information available to parties, even if a confirmation of identity is needed. An example of this is the confirmation of payee scheme which establishes that a payee’s identity is correct without the need to share that same identity. The development of CBDCs can consider similar mechanisms to minimise the amount of personal information that is processed and to promote privacy.
  • Processing for law enforcement or anti-money laundering requirements: for fraud and money laundering to be identified, or for law enforcement organisations to track illegal payments and the proceeds of crime, relevant transaction information must be monitored and analysed. As is the case for existing bank accounts, considering how access to transaction information is provided for these purposes without impacting the privacy of third parties is also a key technical consideration.
  • Risk of re-identification: while the information about people’s CBDC use may be pseudonymised or encrypted, central banks will need to ensure that the information they process is not combined with other sources in a way that may lead to reidentification of users. Otherwise, there is a risk that sensitive information about a person and their spending habits could be revealed.
  • Immutability of records: no decision has been made about using DLTs in a possible digital pound. However, in CBDCs which do involve the use of distributed ledger technology, trust in the system is supported by its permanent, unalterable nature. This has implications for users’ data protection rights around accuracy and rectification, as well as erasure, as discussed in the decentralised finance chapter of last year’s Tech horizon’s report. If information needs to be corrected or removed to comply with these rights, this will consequently impact the trust in the chain and the provenance of the information held on it. Without a mechanism in place to resolve this, the tension between the rights of users and the trust in the chain may also have secondary effects, as users feel less able to raise concerns and exercise their rights.

Cross-border information sharing: Where cross-border payments are made by users today, transaction information could become available to actors in other jurisdictions which might have different data protection regimes. This is also the case where the payments are made between two different CBDCs, as information about a person’s user transactions could now be present in two different CBDC systems. If personal information is being transferred internationally, international transfer requirements would need to be met.

Recommendations and next steps

The ICO has and will continue to engage collaboratively with HM Treasury and the Bank of England about how data protection and privacy might be best preserved in a possible digital pound. We welcome the emphasis placed on data protection, and its recognition of the opportunities to preserve privacy and support of user control of personal data when using digital money.

  • As the Bank of England and HM Treasury continue to explore the concept and design of a CBDC – and their legislative commitments to guaranteeing users’ privacy - we will continue to engage and provide a data protection perspective to this process. 
  • Where organisations introduce new or novel processing of personal information which is likely to result in a high risk to people, a data protection impact assessment (DPIA) is required. This is also true when major new projects are undertaken which require the processing of personal information. Even if there is no specific indication of likely high risk, it is good practice to complete a DPIA for any major new project involving the use of personal data. In designing and developing a potential digital pound, the Bank of England and HM Treasury should consider whether a DPIA is necessary. 
  • Data protection law will help ensure that CBDCs and associated applications are developed in a way that respects people’s rights and promotes trust in this technology. Following a data protection by design and default approach when developing the CBDC regulatory framework and technological infrastructure is key to achieving this outcome.