by usr1106 1483 days ago
Good point. But even if they (any of those corps running algorithms but no customer support worth the name) comply (which I won't take for granted), you will get some code or keyword that fraudulent activity was detected. Very unlikely that they have technical details of the root cause in their customer DB.

I don't think so. I have not worked on many fraud detection systems, but in all cases there was a very detailed record in the logs of what happened and how the decision came to be. In addition, if there was a human review, additional data is often generated. You can't just flip a bit in the customer record, or can you? (Edit: And if no information is in the logs I would argue that all information is in the input data and fraud detecting algorithm and thus the algorithm itself gets part of the data. Whatever happened, if the action cannot be "replicated" / understood with the data you got after the article 15 request, the data is not complete.)

Since the domain and account belong to you as a person, this is all personal information under GDPR.

I've done this with Instagram in the past, and funnily.. after a few emails back and forth.. they just reinstated my account..? and told me to download my data the normal way.
Well, I'd hope affected users could submit (reasonably anonymized versions) of what they got to HN in the future, so we can stop speculating.
While thinking about it I found an interesting fact: If they don't produce the data that led to the account ban because they "don't have it", they don't actually have proof of fraud anymore. If they don't have proof of fraud you can invoke GDPR article 16 "Right to rectification" and "unfraud" your account. Theoretically they can't argue against it because they don't have any data to argue with...

If they don't unfraud you AND don't produce the data, they are not in compliance with either article 15 or article 16 and have delivered the proof of noncompliance themselves.