Digital Identity

Data protection and the cashless society

Cash may be the last bastion of financial privacy. This is a feature which it has retained for its 40,000 year history, but the current use of cash is in rapid decline. When was the last time you reached for your wallet to use coins or notes to pay for something? Studies show that it was more than likely in a low value transaction (typically under $10) or if you are a consumer who, for whatever reason, favours transactional privacy. Such transactional privacy is largely achieved as cash, in financial terms, operates as a bearer instrument. This means coins and notes act as tokens representing a government promise to pay the bearer, and requiring no further intermediary to parse or record the money flow between a person paying and a person being paid – you simply hand over the token. This is distinguishable from payments you make using electronic systems (like a debit or credit card) given to you by your bank. Bank-held money is a representation of the bank’s credit in your favour, and in reality is little more than digital ledger entries on the bank’s accounting systems. The bank needs to be able to identify you to create an account and credit it in your name in their ledger. The bank also needs the details of any payee accounts, so it can record debits against your funds, creating various digital ‘breadcrumbs’ relating to your identity and financial activity.

Currently, these two systems – the use of cash and non-cash means of payment – exist in tandem. Consumers retain the freedom to choose whether to transfer money via electronic fund transfers, debit or credit cards, online payment systems or via withdrawal of funds at ATM’s and settlement in cash. This freedom is quickly eroding.

Globally there is a decline in the use of cash. This is driven by a variety of factors, including alternate and vastly more convenient electronic payment methods (now also including privately operated platforms such as Zelle and Kenya’s M-PESA); a drive by banks to become leaner to compete with fast-emerging fintech alternatives; government initiatives, such as Sweden’s Riksbank’s e-krona (a venture into the realm of central bank digital currencies); and the impact of the COVID-19 virus. Couple this with the more exotic alternatives such as cryptocurrencies and stablecoins, such as Facebook’s Libra, and you may be forgiven for wondering why paper money continues to exist at all. However, some caution is needed in hastening the death of cash, as we may take one of its most relevant features for granted – privacy.

Prison of Watchable Payments

The debate surrounding cash as a means of ensuring financial privacy is a tricky one. The desire for financial privacy is oft associated with money laundering, racketeering, and drug trafficking, with virtually all countries having some form of Anti-Money Laundering laws to combat this. On the other hand, there are less nefarious reasons to want financial privacy. There are the obvious concerns arising from the threat of hackers executing identity theft and payment fraud, and perhaps the less obvious issues surrounding the potential for suggestion engines and behavioural marketing.

However, in what financial journalist Brett Scott described as the ‘prison of watchable payments’, there is a much broader risk associate with a purely cashless society, which goes to the heart of the desire for privacy – informational self-determination. In such a society, anyone without a bank account is excluded from the financial system and thereby citizens lose their bargaining position in respect of the information they willingly concede. With a hawk’s eye view of every transaction in an economy, both private providers and government would possess an unparalleled ability to influence and enforce behaviour. In particular, those operating in the legal ‘grey areas’, such as refugees and immigrants, would be subject to the whims of a surveillance state. Up till now, cash has mitigated against this, acting as an empowering resource and creating a space for dialogue between those in the grey areas, organisations such as Wikileaks, and the letter-of-the-law. Matching this feature in a cashless world will not be easy.

Photo by Burst on
Cash-like alternatives?

Decentralised digital currencies have been heralded as being able to guarantee immutable anonymous payment solutions, but the truth is murkier than this. For example, there are many who assert that a public permissionless blockchain can never be compliant with the General data protection regulation,  in current iterations and significant work is need to bridge this gap.

Photo by master1305 at

The reality is the both government backed solutions and private alternatives may need to rather embrace the concept of Article 25 of the GDPR – privacy by design and by default. In private solutions, this includes ground-up technical design and the identification of equivalents for best practice privacy enhancing technologies (PET’s), such as sidechain enabled onion routing and embracing self-sovereign identity systems. However, in private solutions, concepts such as regulatory oversight are an explicit non-goal. In contrast, government issued or backed solutions such as e-money, CBDC’s and synthetic CBDC’s need to decide where they land on the spectrum of (i) fully cash-equivalent privacy architectures, on the one end, and (ii) 1984-esque identified architectures, on the other, and further what their constituents are willing accept.

This is because government will be directly balancing the interests of the individual’s right to privacy, informational self determination and freedoms against the transparency needs of society at large in, for example, crime-prevention. As the answer will most likely land in the middle, it may be expected that government issued or backed alternatives will never actually be cash-equivalent.

It therefore seems that after its long history, if cash were truly to disappear, we would indeed be losing something. Although privacy enhancing mechanisms may be installed in its alternatives, this would be in some sense artificial in comparison to the innate ability of cash to protect financial privacy. Right now, insofar as privacy is concerned, this may indeed be one of those rare instances where the old technology is better than the new.


Risks with Track and Trace Apps

The explosion of Track and Trace Apps has raised various privacy related issues, particularly in the architectures used for the applications and possible abuses of gathered data from users.