Even if the service includes an NDA, any treatment you apply to the data of other people (emails, real names, etc.) must be communicated to those people, as well as having consent to apply that treatment. Actually, the real "blacklists" in which those who don't pay their debts are included, must have permission from those who are included. For example, if you don't pay your phone bills, you can be added to those lists by the company who you are in debt with (if they warned you in the contract you signed with them that you could be added to those lists if you don't pay your debts). Otherwise, it's illegal.
As far as I know (and correct me if I'm wrong, since I may be), the very same laws would apply to us if the administration of rA published and maintained such a list (with personal data such as names, emails, etc.).