How we sleepwalk into the digital euro: debate urgently needed

New phase digital-euro project

The digital euro has again been in the news frequently in recent weeks. This is because the European Central Bank (ECB) has decided to begin the next phase of the digital euro project. In it, the Eurosystem will be technically prepared for the possible first issuance of a digital euro. The preparation phase that followed the research phase (from 2021) and started in 2023 is thus completed. It is expected that the first pilots can start in 2027 with actual issuance in 2029.^[1]

Privacy First has previously expressed fundamental concerns about the digital euro.^[2] As more and more is known about the design of the digital euro, these concerns remain undiminished. The introduction of the digital euro is expected to have profound effects on society and on the rights of citizens. For this reason, Privacy First is calling for a much more robust debate on whether the digital euro should happen and how to prevent further deterioration of citizens' financial privacy.

There is a proposal to make issuance legally possible, but there has been no real political discussion in the Netherlands or Europe. Will politicians dare at any point say no to a system in which so much has already been invested? Are we not collectively sleepwalking into a system whose pros and cons for society and citizens' fundamental rights are unclear?

With regard to the digital euro, the following is in play:

• Concentration of power in a European body (the ECB) that lacks democratic accountability.
• The ECB lacks transparency; mature rebuttals to ECB actions are lacking and accountability for mistakes is effectively impossible.
• Tension in the role of ECB and practical implementation by financial institutions (banks and payment service providers), which will pass on costs to the corporate customer.
• The ECB decides on the design of the digital euro system, which involves major social risks.
• The ECB hides from responsibility when something goes wrong in the system. Mechanisms in favor of duped citizens are lacking.
• Alternatives with fewer risks to citizens' fundamental rights are not considered.

We explain this below.

ECB will issue euros directly to citizens

The digital euro is to become a complement to coins and bills. Unlike digital money issued by commercial banks, the ECB will issue the digital euros itself. If the plan succeeds, Europeans will be able to put digital euros in a so-called "wallet" and use it to make payments. There will also be an offline variant, which would resemble cash.

If the ECB itself starts issuing digital euros, this will lead to an even greater concentration of power at the ECB than is already the case. What the consequences of this will be and what impact it may have on citizens is an underexplored topic.

Insufficient transparency and dissent

The ECB is positioned in Europe as an independent institution on the basis that politics should not influence the central bank. If governments had direct control over the central bank, politicians might be tempted to change interest rates to create a short-term economic boom or use central bank money to finance popular measures. This would seriously damage the economy.

The positioning of the ECB as an independent institution results in the ECB being a not very transparent organization. The ECB explains its policies to EU citizens by, for example, answering questions in the European Parliament, but it is virtually impossible to hold the ECB accountable for mistakes it makes. This is mainly for two reasons.

First, the European Court of Justice applies high thresholds before the ECB is deemed liable. For example, EU institutions like the ECB are only liable for damages they cause if there is a "serious breach" of a rule of EU law. Furthermore, damages can only be claimed in the European Court. This is a high and costly threshold for citizens, while the processing time for a case at the European Court is easily 2 to 3 years. A search of the database covering all lawsuits against the ECB does not yield any successful claims against the ECB.

The rollout and customer contact lies with commercial parties

Although the ECB will issue the digital euro, it will be distributed exclusively through commercial banks and payment service providers. These parties will be required to make the digital euro available to the public. They will be responsible for performing all operations normally associated with opening and maintaining a regular bank account, such as anti-money laundering checks at onboarding, transaction monitoring and customer service.

One particular feature that banks will have to set up and make work is the so-called "waterfall functionality. It is expected that many people will find it convenient to link their digital euro account to a regular bank account. Because people are likely to be allowed to keep a maximum of 3,000 digital euros and there is a chance that someone may exceed that amount by receiving digital euros, a waterfall functionality will need to be set up that automatically transfers the excess amount of digital euros to the linked bank account. Conversely, a deficit in the digital euro account can also be transferred directly from the linked bank account (the reverse waterfall function). This functionality comes with risks.

The ECB will supervise the banks and payment service providers that are to roll out the digital euro in the market. In other words, the ECB will check whether banks and payment institutions are carrying out the distribution correctly (managing related IT risks, for example) and treating consumers holding digital euro accounts properly.

At prices that ECB is going to monitor

The ECB has promised that the digital euro will be free for consumers. Because development, rollout and keeping the digital euro in the air costs a lot of money^[3], banks and payment institutions will start charging the costs they incur to the businesses that have to (compulsorily) accept the digital euro.

The fees that banks are allowed to charge, according to rules^[4] be "proportional. The ECB will monitor whether the fees banks will charge are indeed proportionate.

ECB decides on design and application options

The design of the digital euro system will be determined by the ECB. The proposed rules for introduction of the digital euro set the limits the ECB will have to adhere to, but the ECB has a lot of room to arrive at its own choices and interpretation.

Privacy First will not detail here the opportunities and risks presented by the digital euro, but points out that design of the digital euro is not a purely technical discussion. Introduction of the digital euro means, among other things:

• Risks to privacy, including because of the creation of a database in which the ECB will record all payments. This database is within reach of intelligence and police forces[5] and will be a prime target for cyber attacks;
• The probability of programmable money, that is, money that may be used only for certain purposes[6];
• The chance that use of the digital euro will actually become mandatory, for example because the government pays out certain subsidies or other benefits exclusively in digital euros. A citizen who does not want to use the digital euro will then not be able to claim the subsidy in question (it will then be an "own choice");
• Risks of phasing out cash, when it is the only form of money that actually provides anonymity and is accessible to all. As use of the digital euro increases, cash will have to be withdrawn from circulation to keep the ECB-issued money supply the same or not grow too much;
• Creeping introduction of the digital identity ('EUDI-wallet' / 'EDI-wallet'); in order to use the online variant of the digital euro, citizens will need to have a digital wallet. Linking or integrating the digital identity to the digital euro thus becomes likely.[7] There is already talk of drafting rules under which banks will be obliged to use the digital identity.[8] Will this make use of the digital identity mandatory after all?
• A huge concentration of power at the ECB, while democratic control of the ECB is lacking and lawsuits against the ECB are not only lengthy and costly, but also have little chance of success;
• Increasing risk of cyber attacks on critical infrastructure as the online version of the digital euro adds another layer of complexity to the existing digital payment infrastructure.

ECB hides from responsibility

Just as things can go wrong in today's payment system, there are things that can go wrong when paying with or receiving digital euros. For example, payments can be disputed because what was purchased was damaged or payments were made without the payer's consent. Technical errors also sometimes occur, causing, for example, the transaction amount to differ or transactions to be performed twice. Finally, fraud such as identity fraud or interception of payment data may occur. If these types of errors currently occur, payers or recipients can generally sue the bank or merchant.

For transactions that will use the digital euro, of course, there may also be (technical) errors or fraud. However, the ECB indicates that it will not recognize liability for this. It will always be the bank, the payment service provider, the merchant or, in some cases, the consumer who is liable.^[9]

The ECB's position is noteworthy because it is inconsistent with the European Treaty, which provides that the ECB is liable for errors made in the tasks it performs.^[10] The ECB positions the digital euro as risk-free^[11], but this is misleading. Indeed, it is possible to foresee all kinds of situations in which errors that have occurred could be attributable to the ECB.

For example, a hacked digital euro account where money is automatically deposited in digital euros without user intervention (the reverse waterfall) could lead to unlimited withdrawals from the linked commercial bank account. Furthermore, the digital euro uses existing payment structures and thus use of the euro will be exposed to the same risks that already occur when using bank-issued digital money.

The ECB as issuer of the digital euro must take into account the occurrence of these risks and will not be able to simply pass them on to other parties. A low-threshold system will therefore have to be set up for affected users, under which they can recover damages from the ECB. Without such a system, users of the digital euro will be left empty-handed when errors occur that are attributable to the ECB.

Where is the voice of citizens?

In 2022, the European Commission organized a "have your say" on the digital euro. More than 19,500 European citizens took the trouble to respond to this consultation.^[12] None of the responses were positive.

Four years after the ECB began this project, many questions remain about the usefulness and necessity of the digital euro. The ECB remains positive about the digital euro and the Dutch government has also indicated a positive attitude toward the digital euro.^[13] Others doubt the added value of a digital euro.

Privacy First suffices with the observation that it is unknown whether the digital euro really meets a need and what the exact consequences of introduction will be for citizens. At the same time, it is clear that the digital euro carries significant risks and that the ECB has and will have tasks and roles in design and rollout that create an unbalanced system.

For years the ECB has been investing in the development of the euro while the democratic debate in the EU member states is not taking place and decision-making is taking place far away. There is thus a good chance, that we are walking into the digital euro without real insight into impact and risks and without considering possible alternatives with less risk for the fundamental rights of citizens and less concentration of power at the ECB.^[14]

Privacy First therefore calls on politicians to prevent the rollout of the digital euro without serious democratic discussion and legitimacy. Introduction of the digital euro cannot depend on a single European vote, but requires a much broader debate.

^[1] Progress on the preparation phase of a digital euro - Closing progress report

^[2] The digital euro: prelude to mass surveillance at the European level? | Privacy First

^[3] The ECB estimates the cost to the commercial sector to be between €4 billion and €5.77 billion. The banks estimate the cost at about 18 billion euros. See, for example, Digital euro: one cost may hide another

^[4] See Article 17 of the Proposal for a Regulation on the Digital Euro ("the Regulation"): https://eur-lex.europa.eu/resource.html?uri=cellar:6f2f669f-1686-11ee-806b-01aa75ed71a1.0010.02/DOC_1&format=PDF

^[5] Art. 32 of the Regulation.

^[6] See, inter alia, pp. 8-9 of this DNB publication: https://www.dnb.nl/media/espadbvb/central-bank-digital-currency.pdf

^[7] See p. 22 ff. of the report "Digital decentralized value transfer for the public sector in the Netherlands " prepared for the Dutch Ministry of the Interior: https://cris.vub.be/ws/portalfiles/portal/79975514/Rapport_Digitale_Decentrale_Waardeoverdracht_voor_de_publieke_sector_in_NL.pdf

^[8] See Privacy First's consultation response to European Banking Authority proposals: https://privacyfirst.nl/artikelen/digitale-identiteit-wordt-sluipenderwijs-toch-verplicht/

^[9] A stocktake on the digital euro - Summary report on the investigation phase and outlook on the next phase p. 27.

^[10] Art. 340 of the Treaty on the Functioning of the European Union.

^[11] Shifting payment landscape: what a digital euro will bring

^[12] A digital euro for the EU

^[13] BNC Fiche Digital Euro: Parliamentary paper 22112, no. 3747 | Government.com > Official Announcements

^[14] See, for example, https://www.norea.nl/nieuws/lancering-van-wero-belangrijke-stap-europese-digitale-souvereiniteit