You would also need a GDPR requirement that the user doesn't have to provide info he doesn't want to, and that is not a reason to deny service (e.g bar doesn't get to demand your age, only above 21 or not).
It also assumes that users providers will be forced to store information on your behalf (such as the knowledge that the user has been banned).
This should be part of authorization, as I've said before. ANy provider proved of commutting fraud in that aspect would need to be banned, immediately. THis wouldn't even need to be a law, simple, app Store like guidelines would suffice.
It also assumes that users providers will be forced to store information on your behalf (such as the knowledge that the user has been banned).