Just speculating here, but if they're storing his twitter account name, that might well be considered PII for the purposes of the GDPR, so they'd be required to disclose that they've stored it and any related information (like the reason they've stored it)... Also, their email response strongly implies they're storing previous requests - I'm not sure the GDPR covers emails he's sent to them though...
IANAL But as I understand it if they have any internal records/messages/emails etc about why they blocked a user on twitter then that would be classed as personally identifiable information and would have to be revealed to the user on demand.
Of course if they just spontaneously clicked 'block user' whilst browsing twitter because they just didn't like something he wrote then the above would be moot.
They probably have personal data / personal identifiable information about you when they blocked you and still know about it... And you can ask them what data they have about you.
Doesn't need to be a database, a simple spreadsheet or text file would do as well.
And you would be surprised to know how frequent those are (not necessarily about Twitter but in general about customers/employees/visitors in shops etc.)
Or just an email message mentioning the person. That's why I brought up the GDPR in the first place. My wife knew someone who was complaining against his insurance company, they were blanking him. So he put in a subject access request and in all the stuff he got back was an instruction sent to all customer service staff via email telling them to block him if he ever tried to contact them via social media.
The above happened under the 1995 DPD regime, the GDPR would probably be even more useful.