[BeeOnRope]

> What about users who have two or more citizenships?

As long as one of them is in the EU, the GDPR would presumably apply. Generally you get all the rights (and responsibilities) of all your citizenships should you have multiple. Even without multiple citizenships this often arises since you have have rights as a resident in one country, while having a single citizenship in another country.

> What about users who have none?

The GDPR would not apply.

> ... what about people who have neither a passport nor an identity card?

The easy out would be to allow the GDPR benefits to anyone who claimed to be from the EU, without requiring them to prove it. This would be compatible with the GDPR, although it might allow some "leakage" (from Facebook's perspective) in that people outside of the EU might fraudulently claim the GDPR benefits.