It does not apply as HN is not in the EU. If an EU citizen does not want their data collected then they can choose not to participate, as the EU has no jurisdiction over HN.
The EU claims that's not how it works. Everyone else claims that is how it works. It's highly unlikely that the EU will actually be able to enforce it globally.
It's highly unlikely that the EU will actually be able to enforce it globally
If you want to do business in some way with the EU, or have your business officers visit the EU, then that is how it works. The EU took a leaf out of the USA "global jurisdiction" book.
Yeah if Y Combinator chooses to never do business in the EU (considering one of their companies is Afrostream who does business in the EU, this may be up for debate), they may be able to get away with it. My company only targets US citizens and EU citizens would never get any value of any kind in any way at all from my business, so GDPR is not on my radar. But YC might have a harder time making that claim.
And if they don't comply, what then? None of the penalties can actually be enforced if they have no presence in Europe, unless the US decides to cooperate, which seems unlikely.
There's a process by which US courts can enforce foreign judgments. I wouldn't be surprised if supervisory authorities apply to do this for intransigent US companies.
you can be noncompliant if you have no jurisdication inside the eu, i.e. if hn has nothing inside the eu where the eu can actually send a fine.
also I doubt that the eu would penal hn, because you can delete your username which will impersonate yourself and also hn does not really save that much personal data.