Blog CBDC as a Privacy Catalyst

CBDC as a Privacy Catalyst

Catalyst blog 2 1000 x500

In the CBDC world, there is a popular opinion that a CBDC might centralize consumer data collection in a single ledger. This is because, in some configurations, all transaction data is stored in a single ledger, controlled by a single party (the central bank), and consumer privacy risks seem higher than when consumer transaction data is stored in multiple ledgers at multiple financial entities. This argument sounds logical, but the reality is quite different. Whatever path the digital evolution of finance will take, privacy and security will remain priorities for all stakeholders.

Over the years, consumer privacy deteriorated despite the best efforts by the government, privacy advocates, enterprises, and consumers. Consumers in many nations have created an average of over 300 online accounts, transacted mostly online, and seldom use cash. They have learned to trust hundreds of enterprises to adhere to best-in-class privacy and security procedures with data stored in their own systems and ledgers. Many new privacy laws have been passed and enterprises are expected to comply with these laws. The intent of these regulations is to put consumer and societal interests ahead of business interests and have required businesses to obtain SOC, PCI, and GDPR certifications or compliance with local laws. Despite best efforts by enterprises, government, and enforcement bodies, consumers do not feel their data and privacy are secure. Within the last year, there have been numerous data breaches from market-leading companies like Microsoft, Amazon, Marriott, Block, Facebook, and government organizations in Costa Rica, Russia, Ukraine, United States, impacting billions of consumers' data records.

Here are a few reasons behind the current situation:

Consumer privacy outlook is at its lowest point within the last decade, even though one could argue that it is a human right. As we move towards a new CBDC system that necessitates centralized security policy, standards, and privacy as key tenants, the pertinent question is “what is the best way to handle privacy?”. This is a core system design issue that can, and should, be solved. Strong privacy policies, governance, legislation, and regulation can re-establish and reinforce the core privacy tenants at the national level.

Organizations like MIT’s DCI, BIS, Atlantic Council, and others are deeply engaged with security and privacy experts, government entities, and fintech leaders to design a CBDC system that meets all the following: best security from malicious actors, high throughputs at low cost, good privacy to consumers, and built-in governance models that enable configurable controls for ecosystem players.

CBDC technology, like any other software, can benefit from well-scoped requirements and design, high-quality implementation, incremental rollout, and ongoing optimization. Recent innovations in the CBDC market (venture capital investments, 100+ government and monetary authority pilots, blockchain technology maturity, powerful use cases that drive financial inclusion, and key cost efficiencies enabling large quantities of innovation) give us hope that consumer privacy will be adequately addressed and required by central banks worldwide.

Author: Baker Nanduru, Chief Product Officer, Bitt