[chias]

Generally, no.

GDPR specifically carves out keeping data for "legitimate business needs" including fraud prevention and so on. Whatever data Ebay (thinks it) has about this person that they are using to enforce the ban would be data that they would argue falls under this clause.

[Aeolun]

This is circular. If there was no reason to ban him then keeping the data for fraud prevention purposes obviously doesn’t hold any water.