[SpicyLemonZest]

But the entire premise here is a "letter of the law" thing. Online account bans are pretty clearly not within the spirit of the GDPR restrictions on automated decisionmaking; note how the guidelines you linked, despite providing quite a bit of detail about different kinds of automated decisionmaking and rules around them, don't mention account bans at all.

[foxfluff]

There's only a handful of examples, and to me it is far from clear whether account bans would be in scope of the law. It's not meant to be an exhaustive list of all the things that are covered.

However, I could make the case that losing an account which holds years of your private correspondence and is your point of contact for private exchange, services you rely on (including where bills, account recovery emails, policy changes, warnings & alerts, 2fa codes, and other very important messages are sent), potential employers or clients, and which doubles as a login for other services (see openid) and so on, can have a significant effect on your life and could potentially fall under "decisions that deny someone an employment opportunity or put them at a serious disadvantage" or (admittedly vague) "lead to the exclusion or discrimination of individuals."

Some of the other examples in the guidelines seem mild by comparison (e.g. getting a reduced limit on credit card).

My perspective is colored by both having lost access to an email account and also being denied a credit card application; the former was a much bigger problem.