At least in Europe most of the bounty spreadsheets and even quite a few of the bounty proof of join threads are clearly illegal, since they breach personal user information that becomes visible to anybody such as the email and often name and surname.
You can only get a prosecution if the campaign manager is in the EU/EEA (of which quite a lot probably aren't).
There were reports on google getting fined under similar grounds however I think it was the EU part of the company (I know a lot of their data is stored in the UK as well as the US).
I generally use a spam email address for whenever I have to share one.
But it is a good idea to try to hide these from attacks such as phishing emails.
Some peoples use their main id and some use their secondary id for bounty. So those who use the main id are at risk.
If the email ids get into the wrong hands then it may get into the market for sale, can be used for hacking attempts of bitcointalk accounts, for spam, track down of social accounts, and lastly your input of phishing attempts.
I think hacking of exchange accounts is also quite an issue here (especially if people don't have 2FA). If your email account gets its password changed and there is no number linked, then you have lost your account.
If there is a phone number linked, then I'd argue that could get even more annoying for people. There are already data breaches from sites that I have noticed that have sold numbers to companies that claim to be a banking company and try to get you to go to their site (their site has nothing on it, I assume it just harvests all it can from your phone - though haven't actually clicked it on the phone itself).
Can we get this added to the OP by any chance or maybe get a new thread with a list of managers who do publicly share users' email addresses?
I have started to contact bounty managers to keep the personal info private, so if anyone disagrees to do so then I'll create a new thread as per you have suggested.
Give a negative/neutral trust rating to the manager who did not respond to you as that might get them to respond to what you wrote and give you the reason why they didn't want to hide the IDs. It might just be that they missed the PM if they have had many of them.
EquityBase who you said did respond and hid them has shown their credibility as a manager here and it's good to see one of the managers have responded.
2/3 managers as you suggest is quite a low set of users that you have tested though (it's a good start).
It was the beginning what I was trying to do, so from now on I will try to contact more of them and those who will disagree will get negative trust rating until they fix the issue.
And I will also update the names of those managers who disagreed for the community acknowledgment either through this thread or the new one.
It's a good start and you have already managed to get one manager to change their mind and hide the email addresses of their users.
Since they're not directly making any money out of keeping their email addresses public, I see no reason why the others wouldn't collaborate in the same way. If they do particularly need to show email addresses for some reason (which I'd doubt) then they should also state their reasons to you/the community for validation - though I doubt there is a reasonable reason why they'd not make that information private.