The second CBDC liaison meeting between the BOJ and related ministries

The second CBDC liaison meeting between the Bank of Japan and related ministries was held on December 2, 2024. The meeting materials included contributions from the Bank of Japan, the Ministry of Economy, Trade and Industry (METI), the Financial Services Agency (FSA) and the Personal Information Protection Commission. The discussion focused on Central Bank Digital Currency (CBDC) data handling, privacy, and utilization.

Key themes include a strong emphasis on privacy protection through data separation and anonymization, the need for compliance with existing data protection laws, particularly the Personal Information Protection Act (PIPA) and the General Data Protection Regulation (GDPR), and the balancing act of data utilization for public good (AML/CFT, policy analysis) against privacy concerns. The meeting materials also highlight the roles and responsibilities of different actors, including intermediaries, the Bank of Japan, and Payment Service Providers (PSPs). The documents also explore the utilization of transaction data and balancing that against consumer privacy.

1. Core Themes and Principles

• Privacy by Design: A central principle is that privacy must be built into the CBDC system from the outset. This involves minimizing data collection, separating sensitive information, and employing anonymization techniques.
• Data Minimization: The parties consistently emphasize limiting the scope of data collected and retained. The Bank of Japan will "handle data within the minimum necessary range." This principle extends to what data is stored and where.
• Data Separation: A core technical approach is to separate customer management functions from ledger management functions at intermediary institutions. This prevents sensitive personal information from being directly associated with transaction data. The Japanese Bank notes that, "the design separates the customer management section and the ledger management section."
• Compliance: All aspects of CBDC data handling must adhere to existing data protection laws, including the Japanese PIPA, the EU GDPR, and the "Guidelines for Measures Against Money Laundering and Terrorist Financing."
• Balancing Act: There's a recognition that data utilization for AML/CFT (Anti-Money Laundering/Combating the Financing of Terrorism), policy analysis, and other public interest purposes needs to be carefully balanced against individual privacy rights.

2. Roles and Responsibilities

• Intermediary Institutions: They handle the bulk of user and transaction information, but with a separation of customer management and ledger management functions. They are responsible for user identification, KYC (Know Your Customer) checks, and AML compliance. They retain sensitive user data (name, address, DOB, etc.) in the customer management portion of their systems, not in the ledger.
• Central Bank: The Bank of Japan will manage the CBDC ledger but is expected to handle a "minimum necessary" amount of user and transaction information. Ideally, they should not have direct access to individual user data and employ a “design so that individual user information and transaction information are not acquired and held as much as possible." If they hold data, it will be anonymized, and kept only for the required period.
• Payment Service Providers (PSPs): The EU proposals indicate that PSPs will have access to online digital euro transaction details “only to the extent necessary" to ensure compliance with EU laws, like AML regulations. Commercial use of data requires explicit user consent. They need to implement strong security and data protection measures to ensure that the data that gets passed onto the ECB or NCBs cannot identify users without further data.
• Government: In normal times, the government will not handle user or transaction data but will receive information when required for AML/CFT or other public policy purposes. The purposes and scope of government access to data must be clearly defined in advance.
• Data Protection Authorities: Both the EU and the UK will have data protection authorities that will oversee the use of the data. The EU system will be supervised by independent data protection authorities.

3. Data Handling and Security

The meeting materials clearly distinguish between different types of data:

• User Information: Personal data that identifies the user (name, address, birth date, etc.). This is kept separately from transaction information.
• Transaction Information: Details of the CBDC transactions (account numbers, balances, transaction amounts, timestamps). This data is handled in the ledger portion.
• Personal Related Information: Data that cannot directly identify a person, but when used with other information, can (e.g., browsing history, location data). This category can be considered a subset of transaction data.

Additional terms have been defined as follows:

• Data Anonymization: Techniques such as pseudonymization, hashing, and encryption will be employed to protect privacy during data exchange. The documents discuss that data should be “pseudonymized" or “anonymized" to prevent the direct identification of individuals.
• Data Retention: Data should only be retained for the necessary duration and must be deleted once it is no longer needed.
• Security Measures: Both technical and organizational security measures are required to prevent data breaches. The EU proposals mention that PSPs are to use “cutting-edge security and privacy protection measures."

4. Legal and Regulatory Framework

• Japanese Personal Information Protection Act (PIPA): A key piece of legislation governing the handling of personal information. It mandates data minimization, specific purpose of use, and obtaining user consent for data sharing.
• EU General Data Protection Regulation (GDPR): The documents highlight the importance of GDPR compliance when considering the EU's approach to digital euro data handling. The GDPR is mentioned as a key component of data protection.
• Financial Sector Specific Guidelines: There are specific guidelines for the financial sector that go beyond general PIPA requirements. These guidelines cover items like purpose of use, handling sensitive data, and security measures.
• AML/CFT Guidelines: AML Compliance is central to ensuring the CBDC system isn't used for illicit purposes.
• Credit Information Guidelines: There are special guidelines for the handling of data relating to lending and credit.
• Legal Basis: The legal basis for data processing, especially by PSPs, needs to be clearly established. The EU regulation suggests both public interest and legal obligation as justifications, but requires clarity.

5. Data Utilization

• AML/CFT: The ability to track transactions is considered essential for combating money laundering and terrorist financing.
• Financial Inclusion: Data analysis could be used to improve financial inclusion programs.
• Policy and Economic Analysis: Data can be used for economic research, monitoring spending patterns, and other public policy purposes. The meeting materials mention that it is important to “study consumption trends" for policy analysis.
• Commercial Services: Data can be used for value added commercial services. However, this requires explicit consent from the user. The UK proposal is that commercial use of data is “under the user's consent."
• Existing Cashless Data: The documents examine the existing uses of data from credit cards and other digital payment systems, both for marketing and for more general consumer finance.

6. Key Issues and Concerns

• Definition of Transaction Data: There's a need to precisely define what constitutes "transaction data" to clarify data protection requirements, especially in the context of GDPR.
• Legal Basis for Processing: The ambiguity of what legal basis PSPs are to use when processing data for public interests versus other reasons should be clearly defined.
• Cross-border Payments: The meeting materials note that cross border payments will require global cooperation and that AML/CFT regulations will vary by country.
• User Awareness The documents note the importance of ensuring that users are aware of the measures put in place to protect their data.
• Data Aggregation and Anonymization: While the sources mention anonymization, specific techniques need to be implemented to ensure users cannot be identified using aggregate data.

7. Future Considerations

• Non-Resident Usage: The plan is to initially limit CBDC access to residents, but a future system to include non-residents is also being considered.
• Data Standardization: There is a desire to standardize the handling and collection of data.
• Ongoing Discussion: The need for continued dialogue regarding data usage, the trade-offs with privacy, and ensuring compliance is also highlighted.

Conclusion

The Japanese government is taking a measured approach to CBDC development, putting a high emphasis on data privacy and adherence to existing laws. The need to balance innovation, data utilization, and individual rights is at the forefront of their planning. The documents show a commitment to "privacy by design" and a concern for public perception and trust. Continued consideration of these topics will be important as planning progresses.

Please follow us to read more about Finance & FinTech in Japan, like hundreds of readers do every day. We invite you to also register for our short weekly digest, the “Japan FinTech Observer”, on LinkedIn, or directly here on the platform.

We also provide a daily short-form Japan FinTech Observer news podcast, available via its Podcast Page. Our global Finance & FinTech Podcast, “eXponential Finance” is available through its own LinkedIn newsletter, or via its Podcast Page.

Should you live in Tokyo, or just pass through, please also join our meetup. In any case, our YouTube channel and LinkedIn page are there for you as well.