"Don't need" as in "there are feasible alternatives."
HN doesn't need to know or share your username to post your comment, it is clearly possible to run a message board without usernames, and conversations could be maintained by generating a random pseudonym for each thread.
Also, the fine (if we are talking about the Danish one) was not for collecting a phone number. It was for retaining it after the retention limit (in this case 2 years, and they kept them for 5 years) without a good cause. The company argued they were and essential part of the database. People love to make GDPR look bad, but it's often not as bad as it looks from a one line summary.
HN doesn't need to know or share your username to post your comment, it is clearly possible to run a message board without usernames, and conversations could be maintained by generating a random pseudonym for each thread.