Is this just your opinion? Even after studying several sources I am not able to give a verdict. I cannot say, who is right and who not.
I don’t exactly understand, where the problem is. Until a few days ago, several persons (volunteers) had access to the nickserv databases and it was no problem. Now, a commercial, single-person-owned company has access (plus the volunteers, which remained and new staff) and we have a problem?
I understand what you are trying to imply with this sentence, but nevertheless I think there is a reason why the legal principle in dubio pro reo has prevailed.
Is the “single-person-owned company” based in Europe? If so, I think the GDPR can be used for real and legal steps.
First of all, I expect more spam, regardless of whether my mail is registered on Freenode or not. I am not sure, if the increase of “Freenode-caused” spam will be statistically significant.
Did Canonical try to buy this data? Or did you see an offer in the dark net? Do you have any evidence, that data from the nickserv databases are or will be sold?
I guess, there are several backups of the nickserv databases. So going away from Freenode does not delete the mail addresses from the backups.