We have been using electronic money for quite some time, understood as any monetary value stored by electronic means for payment transactions. Electronic banking and electronic payment services are regulated at both European and national level, however, with advances in technology, innovative forms of digital money are emerging in the form of virtual currencies, in particular cryptocurrencies, which started in 2009 with Bitcoin. Since then, numerous virtual currencies have emerged, representing digital assets used as a means of exchange or payment. The impact of these technologies has made central banks in many countries exploring, testing and even launching an alternative to legal tender, known as CBDC (Central Bank Digital Currency), which work similarly to cash. However, CBDCs are different from cryptocurrencies.
Photo from Shubham Dhage en Unsplash.
The concept of digital money is quite broad and is different from that of electronic money. One of the forms of digital money are virtual currencies, and among them, those commonly known as cryptocurrencies, which, in their most common form, are deployed on distributed ledger technologies (DLT), blockchain being the most widely used. Cryptocurrencies implement a decentralized governance, publicly accessible and free, with cryptography as the fundamental basis on which the system is built.
From an end-user perspective, the terms cryptocurrency and token are used interchangeably, although there is a technical difference in their implementation: the cryptocurrencies themselves use their own blockchain, i.e., they are part of their own protocol (the best known are Bitcoin and Ethereum), while the tokens are built on existing blockchain through smart-contracts or other mechanisms. Cryptocurrencies can be purchased on exchange markets and used on different platforms.
The vast majority of existing cryptocurrencies do not have an objective value or represent physical assets, nor do they have an official backing (fiat currency). There is a specific type of cryptocurrency, the so-called stablecoins, whose value is linked to other assets, legal tender or even algorithms (eg. Tether, USDT, parity with the US dollar), which are intended to guarantee the stability of their value. However, they are managed by private entities and there are cases where the intended stability has not been achieved (one example is the collapse of the Terra–Luna coins in May and June 2022  )).
The biggest risks posed by cryptocurrencies are volatility, speculation, and a false sense of availability, security, and anonymity.
Digital currencies, known as CBDC (Central Bank Digital Currency), are the alternative to cryptocurrencies that banks are preparing. Blockchain and DLT technologies could be used for their implementation, but the use of these technologies is not essential for a CBDC. In any case, the difference with cryptocurrencies is that they are centralized, private and permissioned implementations, although there will be intermediaries, such as payment service providers, and others, who involved in the transactions. The motivation for the deployment of CBDCs in many countries covers aspects such as promoting financial inclusion, facilitating easy and secure access, improving efficiency in payments and money flow, cross-border use, creating programmable money, establishing monetary policies and control mechanisms, etc.
Many countries   are researching, testing, piloting, and launching fully functional CBDC implementations. Among the most advanced are the Bahamas, with Sand Dollar being the first to have a CBDC available to its citizens, something that also happens in Jamaica, with JAM-DEX, the Eastern Caribbean nations, with DCash and Nigeria with eNaira. In Europe, work is underway on a digital euro.
However, depending on their design, implementation and conditions of access and use, CBDC may entail risks to the rights and freedoms of natural persons.
Almost all currently existing CBDC projects are based on distributed ledger technologies (DLT), using private blockchain (in the cases above, this would be Hyperledger-Fabric in eNaira and DCash, and NZIA in Sanddollar), although more traditional technologies deployed on telecommunications infrastructures can also be used (in the case of JAM-DEX). In all cases, a mobile device is required for the access and use of CBDC by citizens, where mobile applications such as digital wallets used, may also involve processing of numerous personal data for identification and to allow the application of other legal obligations (such as KYC). Mobile devices present many challenges to keep data secure, private and also reveal a lot of metadata.
Blockchains are not anonymous, and can be monitored. In turn, possible design options, with the intervention of intermediaries between the central bank and the user (e.g. AFIs, Authorized Financial Institutions in the case of Sanddollar, Financial Institutions with eNaira, Wallet providers with JAM-DEX, Financial institutions and Agents in DCash) also highlight the risks that may arise in relation to the processing of personal data (such as transaction tracking and tracing).
Singapore, with its CBDC research project Orchid (completed its first phase in October 2022), identified the potential of digital money for specific purposes, or programmable money (PBM, Purpose Bound Money), which allows rules to be added to the means of payment itself that define restrictions on its use (the programming logic and the value it represents are coupled), and also allow automatic execution of payments when certain conditions are met (the underlying technology to implement this functionality is based on smart contracts, and the use of digital wallets). User profiling could then be enabled, and policy measures on spending or service usage on segments of the population could be established on the basis of such profiling.
Another risk present in the use of CBDCs is the potential for social rejection. The demonetization policy in Nigeria to incentivize the use of its CBD eNaira has recently provoked social rejection and protests, where citizens feel under surveillance and do not consider that it brings benefits to their daily lives.
Not to be forgotten are technological dependency, long-term resilience issues (cryptographic algorithms could be compromised), and cybersecurity-related challenges, intrinsic to CBDCs due to massive breaches of personal data, and general ones arising from the vulnerabilities of mobile devices that allow users to manage their digital keys and wallets (theft, viruses, backdoors, leaks, breakages, etc.) and that they are increasingly used in more aspects of daily life.
The design of CBDCs must ensure privacy and data minimization by design. In addition, an appropriate balance must be ensured between data protection and other objectives, such as preventing tax evasion, money laundering and terrorist financing, while addressing risks to the rights and freedoms of individuals.
More information related to this topic can be found on the AEPD Innovation and Technology website at: