Q9: How private would the digital euro be?
The European Central Bank answers:We answer them:Privacy is one of the most important design features of the digital euro.
The digital euro is designed to be able to function offline in a way that would offer users a cash-like level of privacy, both for sending money to other people and for making payments in shops. When paying offline, only the payer and the payee would know the personal transaction details of the payments made. Anti-money laundering checks would be carried out by the distributing payment service provider (PSP) during the funding and defunding process, just as it is the case with cash withdrawals and deposits today.
In the case of online transactions, the Eurosystem would not identify users making or receiving payments, thereby protecting their personal data, but PSPs would be able to identify users for the purpose of compliance with anti-money laundering rules.
Thus, whether online or offline, the Eurosystem would not be able to directly link digital euro transactions to specific individuals.
The digital euro would be governed by EU regulations designed to balance privacy with security. This approach maintains robust protections against illicit activities, while safeguarding individual privacy.
Recent surveys commissioned by the ECB show a clear consumer preference for payment privacy: In the public consultation on the digital euro from 2021, more than a third of the respondents ranked payment privacy as the most important feature of the digital euro [1]. In a recent study about consumer payment habits from December 2024, 42% of the respondents affirmed that privacy is one of the top advantages of physical cash [2]. But if privacy really was “one of the most important design features” of the digital euro, the current design clearly would have failed this promise: Privacy is only promised for the offline version, which is unlikely to work out in practice (cf. Q7), while the online version has no privacy advantage over existing digital payment systems.
The ECB’s recent progress report and other publications [3;4;5] only reference data pseudonymity when handled by the ECB and compliance with data protection regulations for PSPs, but no provable, strong consumer privacy for online transactions. In fact, the online digital euro offers even less privacy to consumers than contemporary digital payment methods as it centralizes and standardizes the collection of all of its payment data for the settlement service at the ECB (KF1). No effective technical protections are in place to prevent the ECB or PSPs from creating “patterns of life” providing detailed insights into citizen’s private lives. As they correctly state, they will “not be able to directly link digital euro transactions to specific individuals”, but could certainly link transactions indirectly [6], and stating that “the Eurosystem would not identify users” is just a promise, no guarantee.
To see why pseudonymity is not sufficient for privacy, consider the individual transaction histories of persons, known to the payment system only by pseudonyms. The transaction histories span multiple points in time and location, including purchases in online stores. An adversary who also has access to geo-location information of people and their identities, e.g., from smartphone vendors and mobile telecommunication providers, can now correlate the transaction history with geo-location information of individuals, and thereby de-anonymize any pseudonym in the transaction history, including online purchases. The scale to which this can be performed and the ability to do this basically instantly and permanently, makes pseudonymity in a CBDC an enabler of an unprecedented level of easy mass surveillance, as payment data is no longer siloed across thousands of organizations, databases and incompatible formats [7].
Given the convenience functions of the online version such as automatic deposit and withdrawal, and given that Internet is available in many situations, people are likely to stick to the online form of the digital euro and not make use of the offline version at all— probably in the illusion that their transaction data is private there, too (KF1).
The extensive need to identify each individual using any digital euro wallet hardly compares to the privacy of cash, as today we can easily buy wallets for physical cash with physical cash without disclosing any personal information.
- European Central Bank, Eurosystem report on the public consultation on a digital euro, 2021.
- European Central Bank, Study on the payment attitudes of consumers in the euro area (SPACE) – 2024. https://www.ecb.europa.eu/stats/ecb_surveys/space/shared/pdf/ecb.space2024~19d46f0f17.en.pdf, 2024.
- European Central Bank, Progress on the preparation phase of a digital euro: Closing progress report. Publications Office of the European Union, 2025. [Online]. Available: https://data.europa.eu/doi/10.2866/3423337 [Accessed: Jan. 19, 2026].
- M. Daman, Making the digital euro truly private. https://www.ecb.europa.eu/press/blog/date/2024/html/ecb.blog240613~47c255bdd4.en.html, 2024.
- European Central Bank, Progress on the preparation phase of a digital euro - first progress report. https://www.ecb.europa.eu/euro/digital_euro/progress/html/ecb.deprp202406.en.html, 2024.
- Y. De Montjoye, L. Radaelli, V. Singh, and A. Pentland,
Unique in the shopping mall: On the reidentifiability of credit card metadata,
Science, vol. 347, no. 6221, pp. 536–539, 2015. doi:10.1126/science.1256297 - A. Aligny, E. Benoist, F. Dold, C. Grothoff, Ö. Kesim, and M. Schanzenbach,
Who comes after us? The correct mindset for designing a central bank digital currency,
SUERF Policy Note, no. 279, pp. 1–9, 2022.