An update to Twitter’s terms of service that was made months ago is still locking users out of the platform for being underage — even though some are in their mid-20s. Some users, like early adopter and university student Tom Maxwell, were locked out because they’d never bothered to fill in their birthday until recently, and they may have even been barred from doing so in the past.

“For a couple of years, I couldn’t actually update my birth year on Twitter. If I tried to select my correct year, 1996, it just would be grayed out,” said Maxwell, a 22-year-old Twitter devotee, who found himself suspended last week. “On Wednesday, I checked again and noticed I could select 1996, but as soon as I saved the change, my account locked.” Though Maxwell has appealed repeatedly, he’s still locked out of the platform — at least for now.

Others who have appealed — either by providing some sort of parental consent or submitting documentation like birth certificates or passports to prove they’re of-age — have hit similar walls. Some managed to break through: a popular tactic seems to be repeatedly spamming Twitter’s support line with documents proving that the user is of-age, according to several Reddit threads dedicated to the lockouts.

“We sent in my population registration certificate, and now I’m hoping for the best,” one 16-year-old who was locked out this past weekend said, adding that the appeals process felt “very sketchy.” The user noted how “sending in a copy of your ID after having clicked a link in an email doesn’t feel very safe,” and Twitter claims “they delete the document after having reviewed them, but you can’t know for sure.”

The first wave of Twitter lockouts came months ago, barring the site’s early teenage users whose self-declared date of birth suggested that they were under 13 when they first signed up. In early June, the company said that it would begin working on a long-term solution and will (slowly) reinstate those accounts. But for thousands of users, the blanket ban still hasn’t lifted, and there are some users who are getting freshly locked out because of the overreaching rules.

These bans are part of Twitter’s attempt to comply with the European Union’s General Data Protection Regulation (GDPR) — a privacy-centric piece of European legislation that went into effect this past May. It mandates how companies — including tech giants like Google, Amazon, and Twitter — handle citizens’ data, even if the companies are based outside the region. Creating a user “contract” with anyone under 13 is invalid without parental permission, according to GDPR mandates, and legally, all content created by an underage tweeter must be deleted, or Twitter might be met with hefty fines.

Twitter’s attempt at GDPR compliance is ineffective, at best

Twitter declined to comment on the specifics of why it hasn’t yet reinstated many of the locked accounts, and why a long-term solution hasn’t happened yet. But a source told The Guardian that the company doesn’t have the tools to parse out content created before a user turned 13 and the content they created after their 13th birthday. Instead, the source explained, the only way they could comply with GDPR was to retroactively suspend accounts that were possibly created by underage users.

“We recently made product changes tied to new privacy laws (GDPR) and became aware of accounts that were set up by people when they were younger than 13,” said Twitter’s Support Team in a public statement made early last month. “These accounts were automatically locked, and we created additional confusion by sending messages to people saying that they’re still under 13 (when many are now older) and need to close their accounts.”

Though a source at the company says that they’ve been “in communication” with users since July 18th, users have still been getting locked out of their accounts after updating their birthdays, and the appeals process, for some, is a slog to get through. It’s leading some to sidestep it entirely and just start from scratch with a new account.