There is a tendency in Cyprus either to completely ignore EU directives or to implement them with excessive zeal. In the former category are nature conservation, waste management, water protection and energy among other things, while in the latter there are the green taxes, which the government decided to impose before it was necessary to do so, and the General Data Protection Regulation (GDPR) that is so extreme it protects law breaking.

The way GDPR has been enacted in law or has been interpreted in rulings by judges has resulted in much absurdity. For example, pictures of cars parked illegally on the pavement were ruled as inadmissible in court because taking the pictures constituted a violation of the law-breaker’s personal data. Was this resoundingly absurd ruling dictated by the provisions of the relevant law or was it the result of a poor interpretation of the law by a judge? Regardless of the reasons, there is now a legal precedent that prevents the prosecution of law breakers.

The main enforcer of GDPR, however, is the personal data protection commissioner Irene Loizidou-Nicolaidou, who has used the relevant law to build autocratic powers – intervening everywhere, issuing diktats and imposing fines. It does not seem rational that so much power is given to a state official, who is entitled to investigate whoever she chooses, declare them guilty of violating the data protection law and impose a hefty fine as well.

Some of the commissioner’s decisions beggar belief, but its seems the law, or her interpretation of the law, gives her the power to issue arbitrary and irrational decisions. A Wednesday press report  gave several examples of the commissioner’s heavy-handedness. She ruled that CCTV in a workplace could only film objects of value and not individuals, after a complaint by a person, who had been sacked based on CCTV evidence. The person had said that she had not been informed about the existence of cameras, which was probably the only mistake the company had made.

In another case reported, the commissioner was not satisfied that a company had secured written consent from employees for the use of CCTV in the workplace and ordered the removal of the cameras, because she decided the employees were afraid to express their disagreement. While this may have been the case, the commissioner cannot issue decisions based on gut feeling or personal prejudice.

But this is exactly what she has been doing, in what seems like an abuse of power. She said the law prohibited employers from using cameras to monitor workers. But does the law also prohibit a human supervisor from monitoring workers throughout the workday? There are still businesses that employ them, and they are not considered to be violating workers’ rights. What does the commissioner say about this, or has nobody complained to her yet?

These sweeping powers enjoyed by the personal data commissioner must be reviewed and curtailed.