The ‘Privacy Paradox’ is where people claim more concern with privacy than their actual behaviour indicates. This ‘say-do gap’ exists in many areas, including the need for cash to be maintained, but despite that, it means organisations are forced to respond. If central banks cannot convince society that their privacy is safe when using a CBDC, then usage may suffer. Despite the privacy paradox, another recent working paper by the International Monetary Fund is, therefore, just as important as its recent paper about the need for CBDC to be safe against cybercrime 1.
When it comes to money, trust is everything. Unfortunately trust in governments, and almost all large remote organisations, feels lower than it used to be, perhaps because of the impact of social media.
The Harvard Business School’s Institute for the Study of Business in Global Society and the Edelman Trust Institute conduct annual surveys measuring trust. The 2024 annual survey of 32,000 people in 28 countries found that, when averaged over all 28 countries, more respondents trusted business (63%) than trusted government (51%). However, when the results were examined at individual country level, government was trusted more in four countries and business trusted more in 24 countries. Not every country is the same.
Does this result explain why we allow Visa, Mastercard, Apple, Google, WeChat Pay, Amazon etc. to harvest our data but worry about the government and the payment data from CBDC? Or is it that we know commercial organisations just want our data to sell us more and we are ok with that, but we just can’t be sure what the government will do with the data.
China’s social credit score exercised through digital payments, Thailand’s financial stimulus, provided through digital wallets, that limits where, when and on what the handout can be spent on, or Canada’s freezing of bank accounts of the leaders of the 2022 truckers strike are all cited as evidence of government actively managing citizens using payments.
However honourable and rigorous the actions taken by central banks to safeguard privacy; the Harvard/Edelman Trust survey highlights the challenge of persuading people that CBDC will be private.
Anonymity in a payment transaction is where the identity of the transmission parties is not revealed or is unknowable. Privacy is where the relevant transaction data are not revealed, for example the amount and time of the transaction. Cash is anonymous but electronic payments are not.
However, the concept of privacy is inconsistent. Cultural norms, societal preferences, legal requirements and traditions and the degree of trust that the public has in public and private institutions vary. Technology on its own can neither guarantee anonymity nor privacy. The granularity of the data is also important, for example if data is aggregated, then the trade-offs around anonymity and privacy are different, compared with data that is granular.
Within institutions though, there is consensus about anti money laundering (AML) and combatting the financing of terrorism (CFT) legislation which is allowing navigation of the trade-offs between CBDC data use and privacy protection.
Wholesale CBDCs are more straightforward than retail CBDCs, because they can use the traditions of Real Time Gross Settlement systems.
People forget, of course, that central banks already run Faster Payment systems and, therefore, already handle significant volumes of transaction data with personal data.
Unless designed specifically not to, digital transactions create a ‘digital trail’. Data is collected and stored, and it can be mined for transaction histories, user demographics, behavioural patterns and it can allow links between counterparty identities and transactions.
This data can have significant economic value, and it is systematically sold and used by commercial organisations today. For a central bank, payment data can help it to achieve policy objectives such as reducing information asymmetries, supporting financial inclusion, facilitating payment system interoperability and promoting innovation and market contestability. At a macroeconomic policy making and regulatory compliance level, it offers timely information about the state of the world.
Data leakages, data abuses, cyber attacks and cross border data flows could reduce the adoption of CBDCs.
At a given level of preference for privacy, central banks can facilitate better use of CBDC data through:
While CBDCs are not anonymous, they do offer the opportunity to do better than private digital payment systems. Central banks have the advantage of having strong convening powers and the skills and ability to establish principles and policies to enable privacy and co-ordinate the adoption of privacy-by-design.
When designing a CBDC there are options such as allowing low value transactions to operate as cash, including allowing users to decide to share data if they wanted, for example, to build up a credit score. Larger values could then be treated as similar to existing other digital payments, although the central bank could encourage Payment Service Providers to share data in order to increase innovation and competition. One challenge is avoiding data silos.
The report notes that the European Central Bank and the Bank of England have said they will not access or use personal data for CBDC. Although other central banks (for example, the Reserve Bank of India) have emphasised the economic value of CBDC data.
Cross border data flows face similar privacy risks as other digital payments, requiring the harmonisation of standards and mechanisms to ensure privacy, oversight and protection.
This paper covers the topic in detail, particularly solutions and trade-offs, and this is barely touched here.
The paper stresses the need for rigorous legal and regulatory requirements, and sound institutional safeguards demonstrating accountability and transparency. If there is evidence of misuse, the prosecution of the perpetrators should follow. One suggestion in the paper is the use of ‘proofs of correct execution’ to give people trust that the rules are being followed. These would be auditable with the results communicated to users.
Which all comes back to trust in the ability and willingness of the state to follow the law and to be rigorous.
1 - IMF Note 2024/004. ‘Central Bank Digital Currency Data Use and Privacy Protection’. Kieran Murphy, Sun Tao, Yong Sarah Zhou, Natsuki Tsuda, Nicolas Zhang, Victor Budau, Frankosiligi Solomon, Kathleen Kao, Morana Vucinic, Kristina Miggiani.