If the ICO (UK) issued a fine, you wouldn't appeal in Spain, would you? Because of course you respond to the DPA that issued the fine or complaint. Am I not understanding your question?
The only entities that can enforce GDPR are the DPAs in various EU countries. So if some action is taken against a non-EU company, it's anyway done by one of the DPAs - e.g. if there's a complaint against some USA company by a German citizen, it would be the German DPA handling that.
Any decisions of German DPA can be contested just as any other administrative decisions in German courts, the German DPA is fully under their authority. Yes, you won't have your local courts, but it doesn't mean that you can't appeal - you simply have to file this appeal where the contested decision was made.
You get the courts that the person you're servicing uses. Like when you sell to someone in a particular country and have to abide by their sales and tax laws.
That’s not true on both accounts EU courts have no jurisdiction over non-EU entities and there is no process on how to arbitrate a lawful retention requirement which trumps GDPR between EU and none EU entities.
As for the taxation part of your comment that is again an incorrect statement in fact it’s categoriclaly false.
If I as say a Brazillian company want to sell goods to an EU resident I do not perform any tax collection other than the local taxes in my country.
In fact it likely means that I can forgoe some local taxes like VAT or sales tax due to export.
You as the customer are obliged to pay all taxation related to this purchase which is usually paid when the item clears customs as the customs duty.
The only cases when one would collect tax on behalf of another country is when there is an explicit tax agreement to do so and process to support it. This is extremely rare and usually only happens within shared customs unions.
As a non-EU entity I legally can not collect VAT on behalf of EU customers because I have no way of paying that tax on their behalf.
What, like US courts have no jurisdiction in the EU? I can pirate US movies, and as a EU bank, not report on US citizens in the EU to the US?
Those weird things aside, this isn't about collecting VAT. It's about remaining within the confines of the law of the country you're conducting your affairs in.
It's like if I, as a Russian, wanted to sell a car to someone in the US, I'd have to ensure that my car meets whatever requirements/standards the US sets out for vehicles. If my vehicle doesn't meet those standards, which court do you think I'd have to appeal in, as a Russian selling a car to an American?
Those copyright laws are enforced through local copyright holders and or existing trade agreements which again is something that understood and is established in international law including WTO regulations.
The GDPR has no mandate under existing international law.
The level of strawmaning is getting ridiculous when 2 countries sign a trade agreement you have 2 electorates which have a say in what is going to happen.
The GDPR extra-territorial application isn't just extra-territorial it's extra-judicial in which you have a law forced on you that you have had no saying in how it was passed and you have no saying it how it would be interpreted and or enforced.
That's not correct as a non-EU entity I'm under no obligations to register for MOSS or to collect VAT unless under TBES (which is nothing new since it's an extension of the old VOES scheme) which applies to a limited number of services only:
https://ec.europa.eu/taxation_customs/business/vat/telecommu...
Even if by some chance you are a small business that for an inexplicable reason does fall under this you can get out of this scheme fairly easily (VAT exemption rules apply) and more importantly VAT can be handled by a proxy e.g. a payment processor.
For businesses there is no VAT collection at all and all businesses must pay reverse VAT when purchasing (or providing) services from (and to) outside of the EU regardless if they fall under TBES or not.
Again only if the goods fall under the criteria set by TBES if you are above the limit in a specific country which in the UK for example is £85,000 and it's more or less similar across the EU.
This means that most businesses it's not an issue since you can have a turn over of a few 100,000 EUR spread across the EU without being required for registration.
This is also solved via your payment processors and what would you know the EU also offers you the infrastructure to register where is the one stop shop for GDPR?
34,000 EUR on average 31,000 without the UK, and 37,000 without the Nordic countries.
You also must provide a service that is qualified for VAT since it doesn't cover all non-tangible goods e.g. anything that is actually produced by a human but is delivered digitally like professional services.
What court do you use to appeal a complaint or a fine?
There are no processes at all for a non-EU entity to function within the GDPR and saying it’s not rocket science isn’t going to change that.