In academia and at central banks, central bank digital currency (CBDC) is increasingly being researched due to the continuous decline in cash payments and the emergence of private stablecoins such as Libra. While CBDC offers various advantages for central banks, sensitive transaction and holdings data of individuals and users need to be protected. This paper analyses how privacy in payment is being discussed in CBDC-related literature and pilot projects of central banks. Central banks rarely identify privacy as a key requirement in the development and implementation of a CBDC. Instead, anonymity is seen as one possible feature of a CBDC that could hinder know-your-customer (KYC) and anti-money laundering (AML) compliance of banks. In pilot projects, different techniques and solutions have been proposed to achieve varying levels of privacy for users. A comprehensive framework on how best to achieve privacy in retail CBDC is needed. Such a framework should consider the differing underlying design aspects of a CBDC and the use cases for which the CBDC is to be developed.
The aim of this study was to identify and evaluate different de-identification techniques that may be used in several mobility-related use cases. To do so, four use cases were defined in agreement with a project partner that focused on the legal aspects of this project, as well as with the VDA/FAT working group. Each use case is intended to raise different legal and technical issues with regard to the data and information that are to be gathered, used and transferred in the specific scenario. The use cases should therefore differ in the type and frequency of data that is gathered as well as in the level of privacy and the speed of computation that is needed for the data. After the use cases were identified, a systematic literature review was performed to identify suitable de-identification techniques to provide data privacy. Additionally, external databases were considered, because data that is expected to be anonymous might be re-identified by combining existing data with such external data. For each case, requirements and possible attack scenarios were created to illustrate where exactly privacy-related issues could occur and how exactly such issues could impact data subjects, data processors or data controllers. Suitable de-identification techniques should be able to withstand these attack scenarios. Based on a series of additional criteria, de-identification techniques are then analyzed for each use case. Possible solutions are then discussed individually in chapters 6.1 - 6.2. It is evident that no one-size-fits-all approach to protecting privacy in the mobility domain exists. While all techniques that are analyzed in detail in this report, e.g., homomorphic encryption, differential privacy, secure multiparty computation and federated learning, are able to successfully protect user privacy in certain instances, their overall effectiveness differs depending on the specifics of each use case.