HN Violates the GDPR
There is no way to delete your account and your comments on HN. This is a violation of the GDPR. Why has this not been addressed yet?
https://gdpr-info.eu/art-17-gdpr/ Citizens don't have an absolute right to have all data erased on request. The comments are still needed and being used for the purpose they were gathered for, so this fails the first point in your link > the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; If there is identifying data in the comment you can email the mods and they will (I think) redact it for you. Most usernames do not identify a natural person, so that means most accounts fall outside GDPR. If they do identify a natural person I think you could email the mods and they'd change the name. (Obviously I have nothing to do with HN so I can't tell you what they will or won't do). tl;dr most accounts aren't covered by GDPR and the mods will do stuff with the ones that are. Renaming gets interesting too. The person requesting the rename would have to also chase down all the off-shoots of HN that cache and re-display all the messages in different formats. And then there is archive.org that would have copies of all sites in question. Archive.org isn't going to rename anything. I don't believe this is compliant with the GDPR. Afaik usernames are considered personal data, as are user ids. Both are a form of online identifiers: "Natural persons may be associated with online identifiers provided by their devices, applications, tools and protocols, such as internet protocol addresses, cookie identifiers or other identifiers such as radio frequency identification tags. This may leave traces which, in particular when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them." Sure, if I can identify the natural person from the name yummybear then yummybear is personal information. But HN simply can't do that for most accounts, and so for most people their username isn't personal data. If you write to the moderators at hn@ycombinator.com they'll answer and comply quickly. IANAL My armchair argument would be that when you sign up to post on a public forum, you should have every expectation that your posts will remain visible. Expecting otherwise would be rather like publishing a book before invoking GDPR to 'un-publish' it and demanding to have all the sold copies destroyed several months after release simply because your name is on the cover. The expectation of content remaining public is also explicitly stated in HN's terms, along with a pretty broad-ranging agreement to allow them to use the content you upload. Thus arguably HN has a contractual right to continue publishing the content, as allowed for under art 6.1(b). GDPR Article 6: "Processing shall be legal if and only if to the extent that at least one of the following applies ... (b) processing is necessary for the performance of a contract to which the data subject is party ..." Are you saying you want EU users blocked from HN? Lots of sites have done that, but I think EU users find the blocks annoying. I'm sure we could find a North Korean law HN doesn't comply with, if we looked hard enough. Last year's discussion "Ask HN: Does HN respect the GDPR?" https://news.ycombinator.com/item?id=16661323 Why do you think Article 17 applies to Hacker News? I don't mean the GDPR, I mean having read the article, which of the grounds do you believe applies? The only one that's plausible is 1.b), and I'm not convinced that Hacker News is storing your data using Article 6 1(a). The Right to Erasure applies to some pretty specific situations, mainly where the data is being held using consent only. I'm fairly sure that Hacker News stores your user content either under "Legitimate interest" or "Contract". Why would HN care about some EU directive? They also don't have that obnoxious cookie warning. I think they don't have a cookie warning because they don't use profiling cookies but just the technical ones. I care about GDPR because my employer has a physical presence in multiple EU countries. However, a US based company with no physical presence wouldn't really care. Wouldn't it be nice if they had to. There are a lot of things in GDPR that I agree with and anyone who follows it in spirit is going to get my business over someone who does not, and that is something all of us can do. But beyond that, I'd recommend that OP remember the classic saying "You catch more flies with honey than you do with vinegar" and maybe ask the moderators nicely to remove whatever past comments are irking him. AFAIK the GDPR applies to every company, regardless of where it is located, as long said company has customers / users / ... from an EU country HN is a small scrappy upstart that has only invested in $80B of tech companies. It can't possibly be expected to comply with the GDPR. <sarcasm>