Indeed, GDPR is a giant mess that make no sense for the most part and has proven to be ineffective.
I was kidding about the fix, I just added a note to surface the relay concept, that is central in Nostr; incidentally this works also as transparent informative about where data is fetched, and so with whom IPs are shared, for just technical reasons, has requested by GDPR. In fact it's not different that hotlink an image.
Finally the user can, and should, personalize the relays, using something he has verified and trust (e.g. one's own).