Except HN doesn't collect or process personal data.

Pretty sure email addresses and user generated content (comments) are personal data.

HN is a US website. The EU doesn’t have jurisdiction in the US. I’m pretty sure it’s that simple.

You're wrong.

https://www.cookiebot.com/en/gdpr-usa/#:~:text=Does%20the%20....

> The GDPR has extra-territorial scope, which means that websites outside the EU that process data of people inside the EU are obligated to comply with the GDPR.

I see that site makes the same assertions about jurisdiction that the comments here are making. However, it provides no explanation for why the EU can actually claim that jurisdiction, which is my whole point. Why are they obligated? How does the EU have such authority?

I say it doesn’t, for the simple reason given upthread, and you have provided no evidence to the contrary.

Same reason Americans can sue companies from other countries in American courts: treaty recognition of legal judgments.

Yeah, but AFAIK there is no such treaty.

One weird GDPR implication our team considered during initial implementation of our solution was US citizens traveling to Europe, and even people visiting embassies of EU countries in the US, would seemingly trigger all applicable constraints of the legislation.

Personally, I still view GDPR more akin to regulatory capture than actual consumer protections; although, I do admit, more than anything, the Internet needs more consumer protection.