If HN removed their record of the email address associated with a username, might that satisfy GDPR? The personally identifying data has been "forgotten". From that point on, the comments could have been entered by "anyone".

▲

tobr 20 hours ago | parent | next [-]

Why would it? A comment in itself might contain information about anything and anyone, and always contains some personal information about its author, such as the time they published it and the handle they were logged in as. That doesn’t go away because the email associated with it is removed.

	▲	the_other 13 hours ago \| parent [-]
		Surely it does, if there's no way to point back to the specific user. The best one could say is "someone using this username posted this message at this time, but we can't tell who that was". I accept that if someone data-mined every comment by said user, they might be able to build a picture of said user clear enough to identify them (e.g. posting times might indicate likey country of origin). Possibly, depending on the content they posted. (I'm just thinking around the problem. I'm not a security/privacy researcher designing systems I'd like others to use, just an interested user curious where the lines in the law lie, and also what the threat models might be to me as a user.)

▲

LexiMax 20 hours ago | parent | prev [-]

I like this idea, actually. A good chunk of HN is throwaways and accounts otherwise disconnected from any sort of person-hood these days, the messages from "forgotten" accounts wouldn't even particularly stick out.