Australian start-up company Freelancer.com will be challenging a $20,000 fine handed to it by the Australian Privacy Commissioner over its handling of a dispute with a former user.

Freelancer.com is an Australian company listed on the Australian Securities Exchange and operates as a marketplace that connects people looking to crowdsource and outsource their work. It operates in 247 countries and includes anything from writing, to software development, to accounting work.

In 2010, a Freelancer.com user based in Poland was encouraged to complete his profile on the website by sending out invites to friends. He did this by sending out the invites to dummy email accounts he had set up, and then used these email accounts to set up two additional accounts on Freelancer.com.

He received payment for work on Freelancer.com, but when he attempted to withdraw this money from the website, his account was frozen for “security purposes” for more than a month. After he supplied his identification in early 2011, the freeze was lifted and funds were released.

Freelancer.com then terminated one of the dummy accounts, and after the user was paid for work again, he found his account suspended, and was asked again to provide ID. After the user complained on Freelancer.com’s Facebook page, company CEO Matt Barrie told him the issue would be investigated, and the funds were ultimately released.

Then in August 2012, the user posted a blog post under a pseudonym complaining about Freelancer and also edited the company’s Wikipedia page. The company asked the user to remove the posts, or face legal action. Freelancer also changed its Wikipedia page back, sparking an edit war on the page.

The company then took the step of closing down the user’s Freelancer.com account, leading to more blog posts and complaints. In late 2012 the company sent him a cease and desist letter. Freelancer also made further edits to its own Wikipedia page, removing “defamatory comments by vandal”. It made several posts made in forums about the user, which the user has claimed could identify him.

As a result, he lodged a complaint with the Office of the Australian Information Commissioner in July 2013, stating that in addition to collecting his IP address during registration, and then misusing his personal information, Freelancer.com disclosed his personal information online “to the world at large”. In a decision published this week but handed down late last year, Commissioner Timothy Pilgrim found Freelancer.com was allowed to collect the user’s IP address information for verification purposes but did not reasonably notify him of the collection of that IP address for fraud protection purposes.

The company’s privacy policy stated that customer information provided to Freelancer.com could be disclosed publicly as a “new, innovative, or unanticipated use”, but Pilgrim found that publicly disclosing the user’s personal information in response to criticism of Freelancer.com would not fall into that category, and that the company breached Australian privacy principles by naming the user in Wikipedia edits to the Freelancer.com page, as well as in comments on a blog site.

The user said he suffered emotional distress as a result of his information being disclosed by Freelancer.com and sought $70,000 in compensation for both economic loss and for the distress caused from the company. Pilgrim ordered Freelancer.com to provide a written apology, and pay $20,000 in damages for the distress caused.

Freelancer.com deputy chief financial officer Christopher Koch said in a statement provided to Crikey that the company would appeal the decision and, as a result, would not comment on specifics of the case.

“Freelancer disagrees with the outcome of this determination and in particular some of the facts that have been accepted as part of it. We are in the process of exercising our rights to appeal. As this matter is currently before the courts it would not be appropriate to comment further at this time.”

Late last year, Crikey revealed Freelancer.com was forced to hand over the user information for 51 users who had accessed private information of over 30,000 current and former Optus customers posted to the company’s website by a rogue employee of a debt collector contractor working for Optus.