With extraterritoriality. And if identifying people in this way is covered (I'm not a lawyer, I'm not claiming it definitely is), then it's also possible that EU citizens using the tool are committing a criminal offence.
The law seems to only apply where the deidentification has been made by the data controller, but HN admins changing someone's username, for example, if they ever do, would count. A person then using the tool to match another non-anonymous username to that account would seem to be caught.
Important to stress how much of a technicality this is, but that sort of thing can be interesting sometimes.
With extraterritoriality. And if identifying people in this way is covered (I'm not a lawyer, I'm not claiming it definitely is), then it's also possible that EU citizens using the tool are committing a criminal offence.
The law seems to only apply where the deidentification has been made by the data controller, but HN admins changing someone's username, for example, if they ever do, would count. A person then using the tool to match another non-anonymous username to that account would seem to be caught.
Important to stress how much of a technicality this is, but that sort of thing can be interesting sometimes.