With the nature of the internet, websites are accessible to and are able to provide products and services to customers worldwide. While having access to such a large market is advantageous to website businesses, it also poses potential problems.
There is potential that website businesses will be dealing with clients from varying countries with different country laws that may be applicable to the provision of the goods and services. However, the internet is an area that is largely unregulated in most countries with the exception of some consumer and in most cases, privacy laws.
New privacy legislation – The General Data Protection Regulation (GDPR) – came into effect in May 2018. This affects all businesses who collect personal information from UK and EU citizens. If you are an Australian business engaged in email marketing to UK and EU customers, then you need to comply with the new regulations.
For more information read our guide: How to Comply with GDPR.
This should be the case when a customer is making a purchase through a website. The website should stipulate what country law will regulate the website and contract of sale. Irrespective of where the purchaser is, they should be bound by the law of the website as agreed, unless they are acting illegally in their own jurisdiction which does not acknowledge internet law for the purposes of your website.
This may also be true of other countries where your website may be seen to be providing such products and services. A website cannot always protect themselves as they cannot control who accesses their information, however you can manage risk better by ensuring that you, at minimum, are complying with your home jurisdiction and ensuring this is clearly stated on your site.