Skip to content

EU privacy regulators adopt opinion on the proposed Regulation on the digital euro

On 17 October 2023, the European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) adopted a joint opinion on the proposed Regulation on the digital euro (the Proposal) as a central bank digital currency (the Joint Opinion).

The EDPB and the EDPS welcome the Proposal and acknowledge the efforts to provide a high standard of privacy and data protection for the digital euro, e.g. by introducing an "offline modality", to minimise the processing of personal data by payment service providers, as well as to embed data protection by design and by default. Nevertheless, the EDPB and EDPS identify several improvements to ensure individuals’ data protection and privacy rights. They recommend: 

  • clarifying how the digital euro will be distributed in a ‘decentralised manner’ by financial intermediaries; 
  • clarifying the necessity and proportionality of the single access point of digital euro unique identifiers;
  • clarifying requirements for personal data processing by payment service providers (PSPs) in various situations, e.g. for enforcing holding limits or in relation to possible fees for services;
  • including an obligation on the European Central Bank (ECB) and the national central banks to ensure pseudonymisation of all transaction data in the ECB settlement infrastructure;
  • demonstrating the necessity of possible establishment by the ECB of a general fraud detection and prevention mechanism (FDPM) which may be accessed by PSPs to detect fraud, and providing clear and precise rules governing the scope and application of the envisaged FDPM;
  • including an explicit reference to the applicable cybersecurity legal framework, to address risks from an IT and cybersecurity perspective;
  • fine-tuning the provisions relating to tracing online and offline transactions for the purposes of anti-money laundering (AML) and for combatting the financing of terrorism (CFT), to better balance the privacy and data protection risks and AML/CFT threats; and 
  • clarifying the legal bases for data processing, the allocation of data protection responsibilities and the types of personal data processed by various stakeholders involved in the issuance and use of the digital euro.

The press release is available here and the Joint Opinion here.

Related expertise

Related blog topics