PART THREEU.K. SEPARATION PROVISIONS

TITLE VII U.K. DATA AND INFORMATION PROCESSED OR OBTAINED BEFORE THE END OF THE TRANSITION PERIOD, OR ON THE BASIS OF THIS AGREEMENT

Article 70U.K.Definition

For the purposes of this Title, "Union law on the protection of personal data" means:

Article 71U.K.Protection of personal data

1.Union law on the protection of personal data shall apply in the United Kingdom in respect of the processing of personal data of data subjects outside the United Kingdom, provided that the personal data:

(a)were processed under Union law in the United Kingdom before the end of the transition period; or

(b)are processed in the United Kingdom after the end of the transition period on the basis of this Agreement.

2.Paragraph 1 shall not apply to the extent the processing of the personal data referred to therein is subject to an adequate level of protection as established in applicable decisions under Article 45(3) of Regulation (EU) 2016/679 or Article 36(3) of Directive (EU) 2016/680.

3.To the extent that a decision referred to in paragraph 2 has ceased to be applicable, the United Kingdom shall ensure a level of protection of personal data essentially equivalent to that under Union law on the protection of personal data in respect of the processing of personal data of data subjects referred to in paragraph 1.

Article 72U.K.Confidential treatment and restricted use of data and information in the United Kingdom

Without prejudice to Article 71, in addition to Union law on the protection of personal data, the provisions of Union law on confidential treatment, restriction of use, storage limitation and requirement to erase data and information shall apply in respect of data and information obtained by authorities or official bodies of or in the United Kingdom or by contracting entities, as defined in Article 4 of Directive 2014/25/EU of the European Parliament and of the Council(3), that are of or in the United Kingdom:

Article 73U.K.Treatment of data and information obtained from the United Kingdom

The Union shall not treat data and information obtained from the United Kingdom before the end of the transition period, or obtained after the end of the transition period on the basis of this Agreement, differently from data and information obtained from a Member State, on the sole ground of the United Kingdom having withdrawn from the Union.

Article 74U.K.Information security

1.The provisions of Union law on the protection of EU classified information and Euratom classified information shall apply in respect of classified information that was obtained by the United Kingdom either before the end of the transition period or on the basis of this Agreement or that was obtained from the United Kingdom by the Union or a Member State either before the end of the transition period or on the basis of this Agreement.

2.The obligations resulting from Union law regarding industrial security shall apply to the United Kingdom in cases where the tendering, contracting or grant award procedure for the classified contract, classified subcontract or classified grant agreement was launched before the end of the transition period.

3.The United Kingdom shall ensure that cryptographic products that use classified cryptographic algorithms developed under the control of, and evaluated and approved by the Crypto Approval Authority of a Member State or of the United Kingdom, which have been approved by the Union by the end of the transition period and that are present in the United Kingdom, are not transferred to a third country.

4.Any requirements, limitations and conditions set out in the Union approval of cryptographic products shall apply to those products.