Hn has no EU presence so doesn't have to follow EU laws, no? Or do they have to ip block Europeans? What would the EU actually do to hn if they did decide to enforce the rules here?
GDPR is about data, not companies. It applies to all entities regardless of where they are established as long as they're doing business in the EU or processing data of EU citizens.
True, but GDPR does not automatically apply to global companies that just happen to get used by EU citizens. There are two separate conditions, either one is sufficient, but if neither are met then GDPR does not apply. The company must either offer services to EU citizens directly, or profile behavior of EU citizens, e.g. via direct advertising within Europe. See Recitals 23 and 24 https://gdpr.eu/Recital-23-Applicable-to-processors-not-esta...
> Article 3.2 goes even further and applies the law to organizations that are not in the EU if two conditions are met: the organization offers goods or services to people in the EU, or the organization monitors their online behavior.
> In order to determine whether such a controller or processor is offering goods or services to data subjects who are in the Union, [..] the mere accessibility of the controller’s, processor’s or an intermediary’s website in the Union, of an email address or of other contact details, or the use of a language generally used in the third country where the controller is established, is insufficient to ascertain such intention, factors such as the use of a language or a currency generally used in one or more Member States with the possibility of ordering goods and services in that other language, or the mentioning of customers or users who are in the Union, may make it apparent that the controller envisages offering goods or services to data subjects in the Union.
> it should be ascertained whether natural persons are tracked on the internet including potential subsequent use of personal data processing techniques which consist of profiling a natural person, particularly in order to take decisions concerning her or him or for analysing or predicting her or his personal preferences, behaviours and attitudes.
So, I'd say no. The mere fact that HN is accessible to people in the EU does not show intent. HN is an English forum, which is the native language of the country where it is established, and does not offer its services in additional European languages, and does not advertise products in the Euro currency. I'm unable to know for sure, but I don't believe HN is using my posts here to predict or analyse my personal preferences either.
I'm inclined to say that's a wrong interpretation. You don't have to sell anything to be required to be compliant with GDPR. My understanding is any entity (not necessarily a company, mind you) collecting personal or behavioral data of EU citizens needs to comply to the GDPR. Were HN to collect such data, EU laws would apply. But take that with a pinch of salt, I'm no lawyer or anything.
