Central bank digital currency (“CBDC”) is a crucial FinTech development that aspires to overhaul the current payment system. In the wake of the COVID-19 pandemic, CBDCs’ promises to reduce personal contact, facilitate socially desirable use of money, and initiate more targeted monetary measures have increased their popularity. In addition, CBDCs can potentially serve as a tool to internationalize a sovereign’s currency. World central banks, thus, have gradually formulated a consensus on structuring CBDCs, leaving the regulatory aspects of CBDCs deserving more attention. Among the regulatory issues related to CBDCs, observers often mentioned their association with privacy concerns, but comprehensive studies on this aspect of CBDCs remain limited.

In this paper, we discuss the privacy concerns associated with CBDCs and attempt to introduce discipline upon CBDCs and their issuing central banks. We first demonstrate the privacy implications of CBDCs and highlight the risks that issuing sovereigns misuse CBDCs to serve their agendas. We then discuss, in a domestic context, several architectural designs proclaimed to address CBDCs’ privacy concerns and propose further disciplinary mechanisms that may credibly enforce privacy protection laws against issuing central banks and other governmental authorities. We finally highlight the extraterritorial character of modern privacy laws, which allows foreign privacy protection regulators to discipline the CBDCs of other sovereigns. Through this analysis, we argue that applying modern privacy laws with proper supporting mechanisms may effectively discipline CBDCs and their issuing central banks.