Document Type

Article

Publication Date

2023

Abstract


One hundred thirty-one countries, representing over 98 percent of the global gross domestic product (GDP), are currently exploring central bank digital currencies (CBDCs), a new form of digital money that is different from privately issued cryptocurrencies and stablecoins. As central banks worldwide grapple with CBDC design options, privacy has become a critical feature and concern. Many central banks, government agencies, nongovernmental organizations (NGOs), think tanks, and even the general public have underscored the importance of privacy in CBDC systems. Moreover, a diverse group of economists, computer scientists, engineers, and legal scholars have embarked on crafting privacy-preserving CBDC designs.

But two fundamental questions appear to be overshadowed: (1) How is privacy defined in the context of CBDCs? and (2) What specific privacy challenges emerge from CBDCs? Prior to proposing solutions, a clear understanding of these concerns is crucial and necessary. This Article first adopts Daniel Solove’s pragmatic approach and Helen Nissenbaum’s theory of contextual integrity to conceptualize privacy within the CBDC context. Next, it examines the data flow inherent to four core CBDC designs. It concludes that the most significant privacy concern arises from central banks collecting extensive end-user data. Such data aggregation raises alarms of mass surveillance, elevates cybersecurity risks, and poses potential data misuse or abuse by other government entities, especially in the absence of governing rules. The role of intermediaries also raises privacy concerns by creating additional data repositories, which increases risks of data misuse and cybersecurity attacks. This Article also argues that, for most central banks in democratic regimes, mass surveillance is not the objective when contemplating CBDCs. Mass surveillance concerns often arise from the general public’s misunderstanding of the role of central banks and the ways central banks utilize data. For these central banks, detailed personal data (e.g., who purchases what, when, and where) holds limited relevance to their mandate. Instead, they rely on aggregate data, which do not need to be personally identifiable, to gain insights into the economy. In the end, this Article proposes three legal and technical principles as a guiding framework for designing a CBDC that prioritizes privacy protection.

Share

COinS