AI is transforming how NPOs can execute fundraising campaigns. While these tools can increase efficiency and personalise donor engagement, they do not remove the legal obligations that apply to direct marketing under POPIA and the Information Regulator’s Guidance Note on Direct Marketing.
 

Section 1 of POPIA defines “direct marketing” to approach a data subject, either in person or by mail or electronic communication, for the direct or indirect purpose of:

1. promoting or offering to supply, in the ordinary course of business, any goods or services to the data subject; or
2. requesting the data subject to make a donation of any kind for any reason.

The Guidance Note confirms that ‘electronic communication’ includes messages generated by automated systems. This would include AI-powered email platforms, SMS gateways, or social media chatbots. This means that if an NPO uses AI to send any unsolicited communication requesting donations, section 69 of POPIA applies.

With reference to Unsolicited electronic communication where a data subject is not a customer, the Guidance Note states that:

Requesting Consent: “The first communication which the [NPO] sends to the data subject must be a communication requesting consent of the data subject to market their goods, or services or to request a donation.”

Nature of the Consent: “The [NPO] who wishes to obtain consent of the data subject must obtain the written consent by making use of Form 4 which has been prescribed by the Regulator or in any form which is substantially similar to this Form 4 and in manner that may be expedient, free of charge and readily accessible to the data subject...”

Existing Donor Exception: Contact is allowed without requesting consent if:

• The details were obtained during a prior transaction or donation;
• The message relates to similar causes or projects; and
• An objection opportunity was provided at collection and with each communication.

Conclusion

AI can significantly enhance fundraising efforts, but its automation features make it easier to breach POPIA unintentionally. Every AI-driven communication must be evaluated against the provisions of POPIA, its Regulations and the Guidance Note to ensure that consent, transparency, and objection rights are fully embedded into the process.

• Important Note: The information contained in this article is general in nature and should not be interpreted or relied upon as legal advice. The information may not be applicable to specific circumstances. Professional assistance should be obtained before acting on any of the information provided here.