Freelancer to appeal fine for “reckless indifference to privacy rights”

 

Australian startup giant Freelancer says it will fight a $20,000 fine handed down by Australia’s privacy regulatory for an alleged “reckless indifference to privacy rights”.

 

The ruling, made by acting Australia Information Commissioner Timothy Pilgrim, says Freelancer “interfered” with the complainant’s privacy by not making him aware of the purposes for the company collecting his IP address information and for “disclosing personal information” not authorised under the Australian Privacy Act.

 

The ruling relates to the company’s user agreement allegedly not fully explaining the purpose behind collecting users’ IP addresses at the time and Pilgrim determining that Freelancer revealed personal information about the complainant through blog comments and Wikipedia edits.

 

As well as the $20,000 fine for financial loss and injury to emotional well-being, the startup will also have to provide a written apology to the man within six weeks and re-train its staff in new policies and procedures regarding privacy.

 

Freelancer to appeal

 

But deputy chief financial officer Christopher Koch says Freelancer will be appealing the decision.

 

“Freelancer disagrees with the outcome of this determination and in particular some of the facts that have been accepted as part of it,” Koch tells StartupSmart.


“We are in the process of exercising our rights to appeal. As this matter is currently before the courts it would not be appropriate to comment further at this time.”

 

The complaint was first lodged with the Office of the Australian Information Commissioner in July 2013 by a “freelancer living in Europe” who registered on the platform in 2009.

 

Issues arose when the complainant made other anonymous, “dummy” accounts and was suspended multiple times by Freelancer.

 

The user then made a series of blog posts, Facebook comments and edits to the Freelancer Wikipedia page detailing his experiences.

 

The ruling says the blog post was then picked up by a third-party site, on which a Freelancer staff member commented:

 

Yes pseudonym aka full name pseudonym aka full name pseudonym aka first name and initial of real surname, we are well aware of your grievances and your racist comments on your [name of blog]. You are well aware of the reasons your particular account was closed.

 

Freelancer also made edits to its Wikipedia page and allegedly disclosed personal information of the complainant in the revised history of the page explaining the changes.

 

The bulk of the edits are coming from one individual who is using proxies to do the edits and heavily promoting vandalism of the page as a way to get back at the company on his blog (see post of Aug 2 on [name of blog site]). He is also the author of some of the links added or the primary poster (under a variety of pseudonyms including [full name/pseudonym/pseudonym.

 

The ruling

 

Although Pilgrim ruled that Freelancer’s collection of its users’ IP addresses to combat fraud as “appropriate and relevant”, he determined the company hadn’t made its users aware of the purposes behind this in its terms and conditions at the time.

 

“Freelancer had an obligation to take reasonable steps to make users of its website aware that other metadata such as IP addresses may be collected for risk management purposes,” Pilgrim says in the ruling.

 

“Freelancer did not take reasonable steps to ensure that the complainant was aware of the purpose of collection of his IP address information.”

 

He also ruled that Freelancer “improperly disclosed the complainant’s personal information” in the Wikipedia revision history and through the comments on the third-party blogging site.

 

The complainant originally sought damages of $70,000 for financial loss and injury to emotional well-being, but Pilgrim ruled there to be “no basis” for the first claim.

 

Despite saying the company’s actions “could be described as malicious, oppressive and/or high-handed”, Pilgrim acknowledged that Freelancer’s user agreement and privacy policy has been “extensively revised” since the complaint was lodged.

 

He ultimately ruled the fine should be $15,000 for general damages and $5000 for aggravated damages.

 

“I am of the view that Freelancer’s improper conduct contributed to the decline in the complainant’s emotional wellbeing even if there may have been other contributory causes,” Pilgrim says in the ruling.

 

“Freelancer’s conduct in improperly disclosing the complainant’s personal information was in my view aggravated by its apparent lack of disregard [sic] for the complainant’s privacy and its own privacy obligations.”

 

“Freelancer has in my view demonstrated a reckless indifference to the privacy rights of the complainant.”

 

While Freelancer prepares to appeal the decision, Koch says he isn’t concerned about its possible ramifications on the company’s reputation.

 

“We have nearly 20 million users on our platform and the number of issues we have like this is extremely small,” he says.

 

Follow StartupSmart on Facebook, Twitter, and LinkedIn.

COMMENTS