The European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) have released a Joint Opinion on the proposed Regulation on the digital euro, a central bank digital currency. The digital euro is designed to give people the option of making payments electronically, both online and offline, in addition to cash. The EDPB and the EDPS appreciate the efforts taken to address data protection aspects and particularly commend the option for users to choose between digital euros or cash for payments.
The EDPB and the EDPS have offered several recommendations to further enhance data protection and privacy standards for the digital euro. They emphasize the importance of processing only the necessary personal data of users and avoiding excessive centralization of personal data by the European Central Bank (ECB) or national central banks. The digital euro regulation proposes a single access point to ensure that the amount of digital euros held by each user doesn’t exceed the holding limit. The EDPB and the EDPS have called for more clarity on the processing of user identifiers and holding limits.
The EDPB and the EDPS have also addressed the fraud detection and prevention mechanism (FDPM) included in the proposed regulation. They believe it lacks predictability and recommend further clarification on the processing of personal data within the FDPM by the ECB and payment service providers. In the absence of such clarification, they suggest considering less intrusive measures from a data protection perspective.
Lastly, they recommend the introduction of a ‘privacy threshold’ for online transactions and further clarification of the data protection responsibilities of the ECB and payment service providers. The EDPB and the EDPS will continue to monitor and provide guidance on the developments of this proposed Regulation.