February this year saw the Bank of England and HM Treasury declare that it is “likely” that a digital pound will be issued in future and used by households and businesses for everyday transactions. We discussed the joint consultation paper’s proposed ‘platform model’ in our recent Lens blog.
It is clear that responsible data use is critical to the success of the digital pound, reassuringly recognised by the paper as an aspect on which there should be “little or no room for compromise”. The paper proposes that the digital pound would be subject to privacy and data protection standards at least as robust as those for current forms of commercial bank accounts or e-money. But would the proposal fully reinforce public trust and confidence in secure transaction-related personal data use and storage?
Anonymisation, aggregation and monitoring
The paper sets out that the digital pound would not be fully anonymous. In spite of exaggerated media consternation, this should not be controversial as user identification and verification is fundamental to: (i) prevent financial crime (the risk of which is higher due to the “lower frictions” associated with the digital pound); and (ii) meet the relevant law enforcement and regulatory requirements.
It is proposed that individuals’ personal data would be processed by Payment Interface Providers (or PIPs), private sector entities who provide user access to the digital pound via wallets, for user ID verification and authentication purposes. For example, a PIP would conduct KYC checks and AML compliance when opening a new digital wallet. These PIPs would be held fully responsible for the security of personal data they process.
In its role of operating and maintaining the core ledger, the Bank would therefore not have access to users’ personal data, such personal data to be anonymised by PIPs before being shared with the Bank. The paper proposes that the Bank should be able to access only anonymised transaction data and aggregated system-wide data, which would be used to support innovation and service improvements to both PIPs and users.
Crucially, any law enforcement and government agencies could only access digital pound users’ personal data where there is a fair and lawful basis to do so, as prescribed by the Data Protection Act 2018. This is the same limited basis as in place for existing commercial bank accounts. In combination with the above, this should allay any concerns as to the possibility of intrusive (or Orwellian, even) government and Bank monitoring of individual users’ transaction habits.
Tailoring to user preferences
Though permitting anonymous higher-value digital pound transactions would not be viable, the paper noted the potential to allow lower-value digital pound transactions with lower data collection requirements by PIPs. This might be achieved through:
- Tiered accounts, offering gradated levels of user access and functionality based on the amount of ID that a user is willing to provide (from basic wallets with limited ID to allow for limited functionality, low-value payments offered to all users, to more robust wallets with stronger ID for higher functionality, high-value payments). This chimes with the spirit of the ‘selective privacy’ and ‘privacy threshold’ proposals of the European Central Bank (ECB) and European Data Protection Board (EDPB) respectively for the establishment of the digital euro. Aligning with ECB concerns, tiered accounts would need in-built functionality to ensure that larger payments cannot be split into multiple smaller ones to bypass the relevant checks, and further work is necessary to explore how to exempt low-value, low-risk digital pound transactions from certain AML/CFT obligations.
- Allowing users to vary their privacy preferences to suit their needs, with enhanced privacy functionality resulting in greater benefits to users (e.g. the provision of additional value-added services) in return for sharing their personal data with PIPs (e.g. the provision of additional value-added services), in compliance with UK data protection laws.
This could be argued to rest on an unrealistic expectation as to consumer interest in the trade of data for commercial benefits, but equally is consistent with:
- Mission 1 of the UK National Data Strategy (to unlock the value of data across the wider economy);
- the ICO’s Information Rights Strategic Plan, which highlighted the public’s appetite for giving data subjects control over what they do with their personal data; and
- principles of Open Banking.
The paper sets out that the Bank will conduct tests and evaluate the legal, technical and operational standards needed to operationalise the proposal, and will consult alongside HM Treasury on what data might be collected for what purposes.