At least in Europe most of the bounty spreadsheets and even quite a few of the bounty proof of join threads are clearly illegal, since they breach personal user information that becomes visible to anybody such as the email and often name and surname.

Regardless of whether you provide your real data or a dataset for the bounty, which is not your primal true contact information, all nominal data should be hidden from a general public view, and not become visible in a public list to all.

As per definition, Personal Data is any information that relates to an identifiable individual.
Examples are:
•   a name and surname
•   an email address name.surname@domail.com
•   a home address
•   location data (geolocalization);
•   IP address
•   Etc.

The first two are clearly found on bounty spreadsheets and should not be visible to everyone.