Every bounty isn't an approach to collect data to benefit out of the data collected with their personal information. There might be few bounties that were done with specific purpose by the scammers. I believe most of the time KYC is requested to show to the outer world the usage number of the respective token, then is to avoid people from specific countries not participate on any of the programs conducted by the specific project team. This is done to terms and conditions created with legal rules and agreeing to it.
It is known that the majority of projects are scams, so why do you think that the scammers that are willing to steal your money without any remorse are going to suddenly stop when it comes to stealing your identity? For them this is a great win, they get your money and in the case your investment was small they can sell your full information on the dark web, since KYC was introduced we did not saw a decrease in the number of scams but we saw an increase in the consequences for investors when they choose the wrong ico.