By: Sonny Zulhuda
I was recently asked to comment on digital crowdfunding in Malaysia from a cyber law perspective. By way of context, my comments focus specifically on donation-based crowdfunding, as distinct from other models such as equity-, reward-, debt-, or royalty-based crowdfunding. While donation-based crowdfunding has become increasingly popular in Malaysia, its operation must be conducted properly, ethically, and transparently.
From the perspective of funders, there is a legitimate expectation that donated funds will be channelled strictly towards their stated purposes and not be abused or misused. To support this expectation, crowdfunding initiatives should preferably be conducted through a recognisable online platform, rather than informal or ad-hoc methods such as direct messaging. An online platform—whether in the form of a dedicated website, blog, social media page, or a specific application—provides the necessary infrastructure for accountability and governance.
In the context of online donation-based crowdfunding platforms, these mechanisms serve as baseline safeguards to promote trust, accountability, and legal compliance in what is otherwise a largely open and borderless fundraising environment. Expanded, they can be understood as follows:
1. Disclosure obligations
Platforms should require campaign organisers to provide accurate, complete, and verifiable information about the fundraising effort. This includes:
- A clear and specific statement of purpose (e.g., medical aid, disaster relief, education support), avoiding vague or misleading narratives;
- The identity of the organiser (individual or entity), including verification steps such as identity checks or registration details where applicable;
- The intended beneficiaries, with sufficient detail to demonstrate legitimacy (e.g., named individuals, registered charities, or identifiable communities);
- Periodic updates on the use of funds, especially for longer-running campaigns.
These disclosures help mitigate fraud, misrepresentation, and donor deception.
2. Clear notice of terms and conditions
Every crowdfunding initiative should be governed by accessible and comprehensible terms, including:
- Whether donations are refundable and under what circumstances (e.g., failed campaigns, misuse of funds);
- The platform’s role (intermediary vs. active curator) and any disclaimers of liability;
- Fees, commissions, or deductions imposed by the platform or payment processors;
- Conditions under which campaigns may be suspended or removed.
Clarity here ensures that donors and organisers understand their rights and obligations.
3. Transparent payment mechanisms and methods
Trust is reinforced when payment processes are secure and transparent:
- Use of reputable, traceable payment gateways (e.g., bank transfers, regulated e-wallets, or card processors);
- Clear indication of how funds are held (e.g., escrow accounts vs. direct transfer to organisers);
- Real-time or periodic reporting of funds raised;
- Safeguards against unauthorized transactions and fraud (e.g., encryption, authentication measures).
This reduces financial opacity and strengthens confidence in the platform.
4. Record-keeping obligations
Platforms should maintain comprehensive records to ensure traceability and auditability:
- Logs of donations, including timestamps, amounts, and transaction references;
- Records of disbursements to organisers or beneficiaries;
- Documentation of campaign updates and communications;
- Retention policies aligned with legal requirements (e.g., anti-money laundering or tax laws).
Such records are crucial for dispute resolution, regulatory oversight, and forensic investigation where necessary.
5. Personal data protection safeguards
Given the collection of donor and beneficiary data, platforms must comply with applicable data protection regimes (for example, in Malaysia, the Personal Data Protection Act 2010):
- Collection limited to what is necessary (data minimisation);
- Clear privacy notices explaining how personal data will be used, stored, and shared;
- Adequate security measures to prevent breaches or unauthorized access;
- Mechanisms for data subjects to access, correct, or withdraw their data where applicable.
Failure in this area exposes platforms to both legal liability and reputational harm.
6. Accessible communication and complaint channels
Effective governance requires that users are not left without recourse:
- Dedicated support channels (email, chat, or helplines) for inquiries;
- Structured complaint-handling procedures with reasonable response timelines;
- Escalation pathways for unresolved disputes;
- Public reporting or transparency on how complaints are handled.
This fosters accountability and provides a practical avenue for redress.
Taken together, these measures do not necessarily impose heavy regulatory burdens but establish a framework of “minimum viable governance.” Whether implemented through formal regulation or platform-led self-regulation, they help balance innovation in digital philanthropy with the need to protect donors, beneficiaries, and the integrity of the fundraising ecosystem.
In this respect, valuable lessons can be drawn from the regulatory approach applied to online marketplaces, particularly in relation to protecting online consumers with more transparency, accountability, and consumer trust. Once these foundational requirements are in place, the next consideration is monitoring and oversight. Such oversight should logically fall within the purview of the relevant authorities, depending on the subject matter of the crowdfunding initiative—whether it relates to education, religious causes, disaster relief, or even political activities.
At the same time, any regulatory framework must be carefully calibrated. Over-regulation may risk discouraging charitable giving and undermining the social value of donation-based crowdfunding. The challenge, therefore, lies in striking an appropriate balance between facilitating generosity and ensuring legal accountability, transparency, and public trust.
TRIBUTE 