I believe the GDPR already has that. The problem is that the GDPR is not enforced enough and not enough resources/willingness are allocated to enforce it.
The problem in account termination cases would also be that:
1) they can claim they've reviewed the ban, that it's legitimate and they're refusing to disclose the reasons behind it to avoid helping people circumvent the ban, while in reality they didn't do any investigation at all. Proper enforcement should be able to pierce through this veil (by forcing them to disclose the reasons and data behind the bank to the regulator, a neutral third-party), but it's missing and nothing suggests it's going to get any better.
2) given that businesses are still allowed to essentially "fire" customers at will, and changing that is impossible due to wide-ranging repercussions, nothing prevents them from "firing" you anyway. Proper antitrust enforcement is needed here (so that you're not allowed to "fire" customers this way) but that's missing as well.
That’s the problem with all these abstracted types of legislation.
All it would take is to reestablish that you are the sole owner of your information that is your property, as has been established by the courts, and it cannot be sold without a formal contract, e.g., the way real estate is transferred; and that any tracking is illegal stalking and wire fraud (because it is) just like tapping someone’s phone would be since it is using the public internet. Alternately, these companies can stop relying on the public internet for illegal criminal actions and fraud, and build their own internet if they want to track and stalk people.
The law exists, it doesn’t matter what other laws you make when none, even the fundamental Constitutional law, is not enforced and simply ignored. We have too many people who have these narcissistic perceptions that the real problem is that their pet legislation hasn’t been added to the mountain of legislation; when the real problem is people trying to control others, some in business, some through legislation.
If the general public does not recognize this soon, the clutter of legalization will become a prison, if it isn’t already.
The GDPR does require algorithmic decisions to be non-final. However it provides no mechanism beyond allowing the company to just claim they manually reviewed the case and came to the same conclusion as the algorithm. The purpose of that requirement is really more to limit the effect of automated decisions by insurance companies and such.
The problem in account termination cases would also be that:
1) they can claim they've reviewed the ban, that it's legitimate and they're refusing to disclose the reasons behind it to avoid helping people circumvent the ban, while in reality they didn't do any investigation at all. Proper enforcement should be able to pierce through this veil (by forcing them to disclose the reasons and data behind the bank to the regulator, a neutral third-party), but it's missing and nothing suggests it's going to get any better.
2) given that businesses are still allowed to essentially "fire" customers at will, and changing that is impossible due to wide-ranging repercussions, nothing prevents them from "firing" you anyway. Proper antitrust enforcement is needed here (so that you're not allowed to "fire" customers this way) but that's missing as well.