The GDPR doesn't use an expectation-of-privacy standard. Personal data is not just an explicit disclosure of your name and address, it's anything that can be used to identify you. Writing style and the sum total of comments indicating your experiences and the cities and organizations you've been attached to certainly fit that standard.

Well, Mirimir can just request that his posts be deleted.

However, I do see an issue: quotes by other users. That's one of the leaks that took down DPR. He deleted his old posts about Silk Road. But another user had quoted part of a post, which didn't get deleted.

GDPR puts the burden on the company to comply if it processes any in-scope personal data, regardless of whether it's possible for the data subjects themselves to minimize that data.

I'm a lawyer but not your lawyer and I have no idea about specific YC or HN details, so take this with a grain of salt, but I think the best argument for why HN is exempt or at very low risk for enforcement is that it does not hold itself out into the EU market for business and is not otherwise subject to EU law(as far as I know, and I have no special knowledge). Users may be from the EU, but HN has no particular nexus to EU law that I'm aware of.

This is important because Article 2 of GDPR ("Material scope") expressly says "This Regulation does not apply to the processing of personal data ... in the course of an activity which falls outside the scope of Union law"