Jim,
... and someone being transferred automatically from Yahoo groups or
elsewhere. The latter could possibly be problematic under GDPR, and
may lead Yahoo to prevent it to protect themselves.
It isn't clear how they would prevent it. Short of removing the Manage Members list as a feature.
... but I think the main problem would be theirs for passing on
personal details without prior permission.
While the law might consider Groups.io's transfer agent a "third party" in a way that is distinct from the group moderators (who may also be considered third parties), as a practical matter it is the role of moderator that gives the transfer agent access to the information.
So it would seem a bit odd to hold Yahoo accountable for the transfer of information, even though their systems gave up the info, because those systems were operating under (what would appear to Yahoo as) proper authorization.
Shal
Shal Farley