Barbara Buchalik started her career in private practice as an IT lawyer in Germany before she joined the German Financial Supervisory Authority (BaFin) where she worked in IT supervision for banks. During that time, she was seconded to the UK’s Financial Conduct Authority’s (FCA) Innovation Hub in London where she worked on better cooperation between the FCA and the Information Commissioner’s Office. After her time with BaFin she joined the German Federal Ministry of Finance at a time when ICOs were springing up like mushrooms from the ground and the regulation of crypto assets, decentralized finance, stablecoins and Central Bank Digital Currency became the centre of discussion. About a year ago she left the public sector and co-founded ‘Brygge’, a FinTech start-up with social impact focusing on a solution for people 55+. Shaping the future of digital finance and challenging the status quo is her passion. She brings a 360-degree perspective on the interface of technology and financial regulation to the table. Barbara Buchalik agreed to share her views and practical insights on Central Bank Digital Currency (CBDC) and the discussions around data protection.

ECB’s CBDC – the answer to a wakeup call 

The CBDC’s journey started a little over a decade after the emergence of Bitcoin and was triggered by the Diem Association’s announcement to release a stablecoin called Diem (named Libra before) and also known as Facebook currency. Only 3 months after the Association’s announcement, Benoît Cœuré – former member of the Executive Board of the ECB – stated in front of Germany’s parliament committee for the ‘Digital Agenda’ that Libra was undoubtedly a wake-up call for central banks and policy makers. For decades, there have been all kinds of different forms of money, but why of all things Libra was a wakeup call? The answer: Access to existing networks with a large user base and thus a global presence has inflamed the central banks fear to lose further room for manoeuvre in monetary policy. After spending a rocky couple of years struggling and failing to appease regulators’ and politicians’ concerns the Diem Association announced the shut down in February this year. Diem is gone and meanwhile the Markets in Crypto Assets Regulation (MiCAR) fills the gaps regarding the regulation of stablecoins. So, what’s ECB’s mission regarding CBDC again? 

The mission sets the tone for the design 

In an ideal world the mission should set the tone for the design of a CBDC. In a recently (14 July 2022) published Blog Article, Christine Lagarde and Fabio Panetta stated that the CBDC is intended as a response to (i) increased currency competition, (ii) the dominance of foreign providers in European payments and (iii) the impact of declining cash usage. 

It is interesting to notice that ECB’s objectives are formulated as long-term political goals rather than practical advantages for the potential users. However, the key factor which will lead to said political goals is clearly a broad user base. Users are not interested in political goals; they are interested in advantages in everyday life. The users would have to be convinced to switch to a new means of payment that hardly differs from existing ones in terms of handling and range of services such as deposit in online current account and might also be subject to a quantity restriction. 

Data Protection as a unique selling point for CBDC 

The CBDC could be designed in such a way that it offers significantly higher data protection than existing electronic payment instruments such as card or internet payments. This would be even more important as fewer shops will accept cash payments and as online purchases will increase. Additionally, it would clearly be a differentiation from other digital payment methods. The responses to ECB’s public consultation confirm that. 

The ECB recently published a document presenting the privacy options it is considering in the development of a CBDC. Three main privacy options are being considered for the design of the central bank digital currency (CBDC). 

In the first scenario, the CBDC will be designed to imitate current digital transactions where only intermediaries like commercial banks will have access to transaction data. The second option will allow for selective privacy for low-value/low-risk transactions as information collection by intermediaries will be restricted. The last option will allow for even greater privacy by enabling offline functionality for low-value/low-risk transactions. While each option still requires user checks by intermediaries and central banks during onboarding, the ECB stated that the first scenario is the currently applicable baseline it is working with. The presentation also added that for the ECB, user anonymity is not a desirable feature, as it would make it impossible to control the amount of the CBDC in circulation and to prevent money laundering. If politically desired the Eurosystem is committed to enabling high privacy standards but also notes that this must be integrated in the regulatory framework. And finally, the ECB asks the right question: What is the desired balance between a high standard of privacy in the use of CBDC and other EU policy objectives? 

Data Protection vs. AML and CFT 

Two policy objectives are heavy weights in the scale: Anti Money Laundering and Countering the Financing of Terrorism. Both topics have a high importance in the political agenda. So, will the policy maker be willing to cut back on AML standards in order to enable greater privacy? I am guessing that will hardly be the case. We need an open debate on that issue. The CNIL is taking a very active role in this debate. I do not see that much of a discussion in Germany even though it is known for being a strong advocate of data protection. And still I think this discussion should be held more loudly so that privacy is at least guaranteed for low-value payments.