It does not apply as HN is not in the EU. If an EU citizen does not want their data collected then they can choose not to participate, as the EU has no jurisdiction over HN.
The EU claims that's not how it works. Everyone else claims that is how it works. It's highly unlikely that the EU will actually be able to enforce it globally.
It's highly unlikely that the EU will actually be able to enforce it globally
If you want to do business in some way with the EU, or have your business officers visit the EU, then that is how it works. The EU took a leaf out of the USA "global jurisdiction" book.
And if they don't comply, what then? None of the penalties can actually be enforced if they have no presence in Europe, unless the US decides to cooperate, which seems unlikely.
There's a process by which US courts can enforce foreign judgments. I wouldn't be surprised if supervisory authorities apply to do this for intransigent US companies.
you can be noncompliant if you have no jurisdication inside the eu, i.e. if hn has nothing inside the eu where the eu can actually send a fine.
also I doubt that the eu would penal hn, because you can delete your username which will impersonate yourself and also hn does not really save that much personal data.
GDPR requests provide 30 days to respond. It's quite possible they have a manual script they can run to grab your data / delete your account, but it isn't exposed via the web.
I don't understand the jurisdiction of GDPR very well, but I thought it applied to all EU users.