At least one US state has a data protection law that gives a similar basis for deletion requests. HN already has to honor these, even though they might or might not be useless for EU citizens.

My understanding of GDPR is that, theoretically, any service which is used by European citizens is subject to GDPR. It's the citizenship of the user, not the location of the hosting or service.

Under the same kind of reasoning, Hong Kong’s security law of a couple of years ago has global reach and European citizens in Europe can be held responsible for violating it if they say the wrong things.

Technically true, but in practice, jurisdictional limitations mean that this is often ignored without consequence by those who do not have a financial presence in the EU.

Y combinator is invested in quite a few EU companies fwiw

The EU can claim whatever they want - ownership of the moon, taxes from Chinese villagers, or that US companies in the US have to follow their little rules. Doesn't mean they have the right, jurisdiction, or authority.

Dang has confirmed via email he doesn't care about GDPR and has no intention to conform to it.