by foxfluff 1597 days ago
Spirit of the law is a concept I would encourage anyone to think about when arguing about these things. I believe most people, and courts in particular, would not agree that a human rubber-stamping an automated decision is in line with the spirit of the law. Clinging onto a technicality isn't going to go well.

I'd also like to point out that these laws don't just come out of nowhere in a vacuum, to be interpreted without any further context. In the EU we have recitals and guidelines to give context and support the interpretation of regulations.

If you're interested, do read Guidelines on Automated individual decision-making and Profiling for the purposes of Regulation 2016/679 (wp251rev.01).

https://ec.europa.eu/newsroom/article29/items/612053/en

Here's what it says about human intervention: "Any review must be carried out by someone who has the appropriate authority and capability to change the decision. The reviewer should undertake a thorough assessment of all the relevant data, including any additional information provided by the data subject."

1 comments

But the entire premise here is a "letter of the law" thing. Online account bans are pretty clearly not within the spirit of the GDPR restrictions on automated decisionmaking; note how the guidelines you linked, despite providing quite a bit of detail about different kinds of automated decisionmaking and rules around them, don't mention account bans at all.
There's only a handful of examples, and to me it is far from clear whether account bans would be in scope of the law. It's not meant to be an exhaustive list of all the things that are covered.

However, I could make the case that losing an account which holds years of your private correspondence and is your point of contact for private exchange, services you rely on (including where bills, account recovery emails, policy changes, warnings & alerts, 2FA codes, and other very important messages are sent), potential employers or clients, and which doubles as a login for other services (see OpenID) and so on, can have a significant effect on your life and could potentially fall under "decisions that deny someone an employment opportunity or put them at a serious disadvantage" or (admittedly vague) "lead to the exclusion or discrimination of individuals."

Some of the other examples in the guidelines seem mild by comparison (e.g. getting a reduced limit on a credit card).

My perspective is colored by both having lost access to an email account and also being denied a credit card application; the former was a much bigger problem.