Bob lives in Manchester, or alternatively in Lyon. He purchases a product or service from a vendor in the USA, or perhaps Timbuktu.
Do European or British consumer rights legislations bind the American/Malian trader to protect Bob, as the GDPR would?
Under UK law there is a very useful consumer protection provided by section 75 of the consumer credit act 1974. If I buy an item or service that costs between £100.01 and £29999.99 and use my credit card to pay for at least £0.01 towards the purchase and the supplier anywhere in the world fails to deliver then the UK based credit card company is liable to return the entire cost of the purchase, not just the part that was charged to the credit card
As a result there is no need to sue the supplier that is not under the jurisdiction of UK law.
In theory, what Dale says. However, in practice:
And I apologize profusely to the Malian people, I have every reason to think it is a fine country in which citizens obey international laws and honor claims, unlike certain other countries. In anglo/Five Eyes nations, Timbuktu tends to simply be used as a metaphor for "a country far, far away and different in its ways than us".
If Bob is regularly buying things in the USA or Timbuktu, then either Bob works for Aperture Science and is using portals, or more likely Bob is using mail order. And now, we get to the nut of it.
Most mail order sales are done by mail-order sellers who deal in volume. Those people choose their jurisdictions and venues carefully. And they have help.
Do European or British consumer rights legislations bind the American/Malian trader to protect Bob, as the GDPR would?
No! That's WHY they're in Timbuktu! (or, wherever they actually are; generally behind what I'll call the Red Curtain.) The point of being there is to be untouchable by civil action or government penalty due to that government's non-enrollment in international agreements, and outright obstruction of such actions.
Yes, they and their legal team have crunched the question of "what happens when a European or Briton sues us? What happens when an Anglo or EU government tries to action us?" Their companies are structured so they slough those off at minimal real loss. Ever notice how many sellers have a company name that looks like they rolled their face across a keyboard? That's a sockpuppet shell company, and they have thousands of them. If their other layers of defense fail, they simply fold that company and create another. Their government lets them do this, because they chose jurisdictions wisely.
A huge fraction of mail order sales are done on this basis, typically through web sites which purport to be "only a marketplace connecting buyers to sellers"... even though some of those marketplaces also provide warehousing and shipping services to the third party ("only a warehouse" and "only a drop-ship firm")... and even though they are known for selling their own products, and use the smallest text on the page to mention that this particular item is from a third party. Not mentioning any names.
This type of "be fully complicit in selling junk, while the seller of record hides behind the Red Curtain and uses arrays of shell companies to limit exposure" has become systemized in much of the mail order world.
Another scheme I've seen is to trick American consumers into being the seller of record; these people end up "holding the liability bag", and are typically not insured and not collectible in any practical way.
Of course you have lovely companies like Eaton, Midnight Solar, Harsco Rail, Roshel, ILSCO, etc. who will meet GDPR simply because it's the right thing to do, even if they don't have feet on the ground inside the EU or UK against which those governments might action. But nobody asks if they're subject to GDPR, do they?
The Consumer Rights Act 2015 applies to most contracts between traders and consumers that are subject to the jurisdiction of English and Welsh, Scottish, or Northern Irish courts. All this requires is sufficient nexus between the contract and the jurisdiction - if either the trader or the consumer is located in say, Nottingham, that’s sufficient.
The Act cannot be contracted out of so even if the contract is to be governed under the law of another jurisdiction the CRA still applies. This is not an uncommon occurrence in the modern world. For example, an English trader sells to a person in Australia using a contract under Californian law (because most of their customers are American) will be subject to the UK Consumer Rights Act, Australian Consumer Law, and Californian contract law. Depending on the temperament of the judge, this will either be the best or the worst case of their life.
