Privacy Design Landscape for Central Bank Digital Currency

Organization

Concordia University

Published

2022

Project leader(s)

Jeremy Clark

Summary

Central banks are exploring options to digitize cash—as of January 2022, projects for retail central bank digital currency (CBDC) exist in 24 of the 38 member states of the Organisation for Economic Co-operation and Development (OECD). The researchers behind this project argue that the issue of privacy needs to move centre stage. As they point out, decades of work on privacy enhancing technologies have highlighted that privacy does not come for free, it is easy to get wrong and it is imperative to design before deployment.

One step forward, according to the researchers, is understanding who the key stakeholders are and what their interests in payments records are. Knowledge of conflicting interests is helpful for developing requirements and narrowing down the range of technical solutions. This research project contributes to the literature by identifying three stakeholder groups: (1) privacy-conscious users, (2) data holders and (3) law enforcement, and it explores their conflicts on a high level.

A main insight of the research is that nuanced data-access policies are best to resolve these conflicts, which in turn rule out many technical solutions that promise “hard privacy.” By this, the researchers mean solutions relying on cryptography and user-guarded secrets without room for human discretion. This observation shifts the attention to a softer form of privacy-enhancing technologies, which gives authorized stakeholders the ability to access certain payment records in plain text under defined circumstances. Such a system will depend on compliance and accountability, supported by technically enforced access control, limited retention periods and audits. The researchers refer to this as “soft privacy.” Their review of technical architectures for recordkeeping in CBDC also reveals that a “direct CBDC,” where the central bank runs the record keeping for the entire payment area, is a promising design for privacy.

In addition to a research article outlining their findings and recommendations, the research team also produced digital research artifacts that will be useful to other researchers, notably a detailed bibliography of CBDC research on Zotero and a coded set of CBDC papers on Taguette.

Project deliverables are available in the following language(s)

English

• Academic article/research report (HTML document)
• Bibliography of CBDC research and coded set of CBDC papers (HTML document)

OPC-funded project

This project received funding support through the Office of the Privacy Commissioner of Canada’s Contributions Program. The opinions expressed in the summary and report(s) are those of the authors only and do not necessarily reflect those of the Office of the Privacy Commissioner of Canada. Summaries have been provided by the project authors. Please note that the projects appear in their language of origin.

Contact information

Prof. Jeremy Clark
Concordia University
1455 De Maisonneuve Blvd, EV7.640
Montreal, Quebec H3G 1M8
Phone: 1-514-848-2424, ext. 5381
Email: Prof. Jeremy Clark