University of Cyprus – Court Ruling (Cyprus, 2025)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
The University of Cyprus was involved in a court ruling where it was found that they denied an assistant professor access to their evaluation reports. This matters because it shows the balance between a person's right to access their data and the need for confidentiality in academic processes. Universities should consider how they handle access requests to comply with data protection laws.
What happened
The Cypriot DPA's decision was annulled by the Administrative Court, which ruled that the university could deny access to evaluation reports during an ongoing promotion process.
Who was affected
An assistant professor seeking access to their evaluation reports was affected.
What the authority found
The court held that the university had a legitimate interest in maintaining confidentiality during the promotion process, justifying the denial of access.
Why this matters
This case illustrates the complexities of data access rights in academic settings. It reminds institutions to carefully balance transparency with the need for confidentiality in sensitive processes.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
National Law Articles
An assistant professor (the data subject) requested access to the content of evaluation reports by independent reviewers and letters of recommendation prepared during the academic promotion procedure from the University of Cyprus (the controller). The controller refused access during the ongoing promotion process, relying on their [https://www.ucy.ac.cy/legislation/wp-content/uploads/Rules_of_Evaluation_for_Professional_Advancement_Continuation_or_Termination_of_Employment_of_Academic_Staff_09.05.2023.pdf internal regulations] and long-standing academic practice requiring confidentiality and anonymity of external reviewers to protect objectivity and impartiality. They indicated, however, that access could be granted after completion of the procedure, with the reviewers’ identities redacted. The data subject filed a complaint with the Commissioner, the Cypriot DPA. The DPA held that the controller had violated the right of access to personal data under [https://www.afapdp.org/wp-content/uploads/2018/05/Chypre-Loi-n%C2%B0138I-sur-le-traitement-des-donnees-personnelles-2001.pdf Article 12 of Cypriot data protection law] and issued a formal decision ordering the controller to ensure access, suggesting anonymization of reviewers’ names. The controller then appealed that decision before the Administrative Court. The Administrative Court annulled the DPA’s decision. It held that the DPA had failed to properly balance the data subject’s right of access under Article 15 GDPR against the legitimate interests of the controller in preserving confidentiality and procedural integrity during an ongoing promotion process. The Court emphasized that the timing of the access request was crucial and that temporary restrictions could be justified where disclosure might affect the fairness and objectivity of a complex administrative procedure. The Court further found that the DPA had focused too narrowly on anonymization and had not adequately considered whether deferring access unti
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (0)
No other cases found for University of Cyprus in CY
This is the only recorded case for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. University of Cyprus - Cyprus (2025). Retrieved from cookiefines.eu
Last updated: