Over the past decade, the practice of issuing transparency reports has become common for companies across different industries in the United States. These reports serve as a valuable mechanism for companies to demonstrate greater accountability around their operations and policies to the public and lawmakers.

Today, companies and organizations issue transparency reports on a range of issue areas including government requests for user information, content moderation, safety, quality, and sustainability efforts. Through these reports, companies and organizations provide statistical and qualitative information regarding how they treat their customers and stakeholders, how they handle their customers’ information, and how the companies’ operations affect their communities.

This report builds on an event held by New America’s Open Technology Institute (OTI) on December 4, 2019 that highlighted the value of transparency reporting across different industries, and the lessons companies and organizations have learned while developing and expanding these reports. In particular, the panel event focused on transparency reports that cover government requests for user data, content moderation, user safety, and quality of services. The panelists for this event included Allen Kachalia, senior vice president of patient safety and quality at Johns Hopkins Medicine; David Lieber, senior privacy policy counsel at Google; Rana Kortam, global women’s safety policy manager at Uber; and Spandana Singh, policy analyst at OTI. The panel was moderated by Tonya Riley, technology and cybersecurity researcher at the Washington Post.¹

The discussion covered the varying definitions of transparency across industries; the need for standardization in transparency reporting; and the benefits, risks, and challenges of transparency reporting and transparency efforts in general.

Editorial disclosure: This project received financial support from Uber, and it discusses policies by Google, which is a funder of New America’s work. New America is guided by the principles of full transparency, independence, and accessibility in all its activities and partnerships. New America does not engage in research or educational activities directed or influenced in any way by financial supporters. View our full list of donors at www.newamerica.org/our-funding.

During the event, panelists discussed a range of issues that companies and entities across different industries are currently reporting on through their transparency reports. While this report focuses on the types of transparency reporting discussed during the panel event, it should not be considered a comprehensive overview of all existing forms of transparency reporting. This section of the report offers a high-level, background overview of these types of transparency reports, and highlights some of the types of organizations that have issued these reports. The following section will feature substantive comments from the panelists themselves.

Today, companies across several industries are increasingly collecting, storing, and managing their customers’ personal data. Numerous countries and governments, often through intelligence and law enforcement agencies have long sought data directly from companies. As data collection and storage practices have expanded, the number of requests for this data from these agencies has increased.² Although law enforcement and intelligence agencies must meet applicable legal standards before seeking electronic communications and other user data, it is now common investigatory practice for these entities to request data from the companies and services that a target may have used.

Transparency reporting on government requests for user data first emerged in the internet industry. In April 2010, Google became the first internet company to publish a transparency report covering government requests for user data. The company stated that it published the report in order to uphold its obligations to the Global Network Initiative’s Principles of Freedom of Expression and Privacy.³

Then, in 2013, the Snowden disclosures revealed the names of companies who were aiding government surveillance efforts in response to government demands, sparking a crisis in consumer confidence around how companies were handling user data. Thereafter, many internet and telecommunications companies pushed for legislative change so that they could report data on requests from intelligence agencies. In 2015, Congress enacted the USA FREEDOM Act, which included authorization for such reporting. After this, almost all of the major online service providers, as well as some phone and cable companies, began voluntarily publishing transparency reports on government requests for user data.⁴ Now, these reports also often include information on how the company processes incoming requests, and if and how they notify impacted users.⁵ OTI has been a longstanding advocate for companies to provide greater transparency and accountability around how they are safeguarding user data. In 2016, OTI published its first transparency reporting toolkit which surveys how U.S. technology and telecommunications companies are reporting on government requests for user data. The toolkit also offers best practices for future reporting.⁶ OTI published a second transparency reporting toolkit focused on content takedowns in 2018.

Today, transparency reporting on government requests for user data is considered an industry wide best practice for demonstrating accountability around the management of user data in the U.S. internet and telecommunications industries. Over 50 companies in the United States now issue such reports.⁷ The reports help the public understand the scope of government surveillance practices and hold the government accountable. Over the past few years, some international companies started reporting on such requests, and U.S.-based companies that operate globally have also started publishing data on government requests they receive in their other countries of operation, such as Germany, India, South Korea, and Brazil.

This practice has also expanded into other industries. For example, in 2015, the University of California, Berkeley became the first higher education institution to publish a transparency report on government requests for data regarding its personnel. The university’s transparency report, known as the Electronic Communications Transparency Report, provides data disclosures around government requests for access to student, faculty, and staff electronic communications (including email, calendar, and online document collaboration and storage, as well as individual computing devices).⁸ The university also later began issuing a separate transparency report that covers government requests for access to student, faculty, and staff bConnected data. bConnected is a series of online services such as G Suite for Education, Box, and CalShare that the university provides to its students, faculty, and staff members.⁹

In addition, government watchdog initiatives such as the Journalism and Media Studies Centre at the University of Hong Kong have also begun publishing transparency reports that are focused on other organizations. In 2014, the centre first published its Hong Kong Transparency Report, in order to track the extent to which the Hong Kong government submits requests for user data to Internet Service Providers (ISPs).¹⁰ The centre has also expanded its efforts to include data on the extent to which the Hong Kong government has been submitting requests for content removal to internet platforms and ISPs.¹¹ Further, the centre has developed a corporate transparency report, which highlights when major internet and telecommunications companies begin reporting on Hong Kong-based government requests for user data in their own transparency reports.¹²

The internet is an increasingly important tool for free expression around the world, as it has significantly lowered the costs and barriers to communicating, thus democratizing speech online. However, in enabling user-content production and dissemination, online platforms have also opened themselves up to unwanted forms of content, including hate speech, terror propaganda, harassment, and graphic violence. As a result, these platforms have had to create and implement content policies and content-moderation processes that aim to remove these forms of content, as well as accounts responsible for sharing this content, from their products and services. However, platforms also face increasing pressure to safeguard user expression and speech on their services. Today, platforms and networks that carry user expression have assumed the role of speech gatekeepers, often removing or blocking users’ content for various legal or policy reasons.¹³ This is especially true in the United States, as the First Amendment limits the extent to which the government can direct platforms to moderate and remove speech.

As these content moderation efforts expand, companies are facing greater pressure to demonstrate transparency and accountability around how they are managing user expression. Today, over 60 global internet and telecommunications companies issue transparency reports on this subject. Such transparency reports cover a wide variety of requests and incidents, including government and other legal requests for content removal, requests for content removal based on copyright claims, requests for content removal based on trademark claims, requests for URL delisting based on the right to be forgotten, content removals based on the platform's own content policies, and instances of network shutdowns and service interruptions.¹⁴

Many internet platforms have also begun publishing detailed information regarding their content policies and content-moderation guidelines. Furthermore, following significant pressure from civil society and free expression advocates, a number of internet platforms have begun introducing notice and appeals procedures, so that users impacted by content moderation efforts are aware they have been impacted, and have a method of redress available to them.¹⁵

One of the most basic expectations that consumers have for organizations, institutions, and services they engage with is that they will protect consumers’ safety. When companies fail to protect safety, the harm suffered by particular consumers isn’t the only outcome. The failure often undermines trust among the general public. Given the very real implications of safety incidents online and offline, there has been a strong push for entities to demonstrate greater transparency and accountability around the companies’ safety incidents and prevention efforts. Today, a number of organizations such as universities and cruise ship lines are required by law to publish safety transparency reports. More recently, however, several companies have begun to voluntarily publish safety data.

One of the most notable categories in safety transparency reports is the incidence of sexual violence and sexual assault. In the United States, the Jeanne Clery Disclosure of Campus Security Policy and Campus Crime Statistics Act (also known as the Clery Act) requires all college and university campuses that receive federal funding to publish an annual security report (ASR) that provides statistics on campus crime and highlights efforts the institution has taken to improve campus safety.¹⁶ ASRs must include statistics on crimes such as murder, sex offenses (e.g. domestic violence, dating violence, stalking, etc.), robbery, motor vehicle theft, arson, liquor law violations, drug-related violations, weapons possession, and crimes or bodily harm related to or caused by hate crimes.¹⁷ Today, hundreds of colleges in the United States publish such reports.¹⁸

In addition, under the U.S. Campus Fire Safety Right-to-Know Act, which became law with the passage of the Higher Education Opportunity Act of 2008, U.S. universities with on-campus housing are required to publish an annual fire safety report. The reports are intended to help campus fire officials understand how fire affects campuses across the country.¹⁹

Other entities are also required to issue similar reports. For example, the Cruise Vessel Security and Safety Act of 2010 outlines security and safety requirements for most cruise lines that have ships embarking and disembarking in the United States. The act requires these cruise lines to report criminal activity to the Federal Bureau of Investigation.²⁰ The U.S. Department of Transportation compiles these statistics and releases an annual Cruise Line Incident Report.²¹ The most recent report features statistics on crimes such as homicide, kidnapping, and sexual assault on 12 cruise lines.²²

In addition, U.S. legislation requires the Department of Defense (DoD) to issue an annual report on sexual assaults involving members of the U.S. Armed Forces.²³ Currently the DoD’s Sexual Assault Prevention and Response Program issues reports on incidents of sexual assault in the military, the DoD, and the military services.²⁴

Over the past few years, the issue of personal safety has also become a prominent topic for technology companies, as platforms, especially those that facilitate offline interactions for their users, are being pushed to demonstrate greater transparency and accountability around safety incidents. In May 2018, ride-hailing service Uber publicly committed to publishing a safety transparency report that would include data on sexual assaults and other safety incidents that have taken place on, or related to use of, the Uber platform.²⁵ The commitment came following criticism around how the company handled instances of sexual violence.²⁶ In December 2019, Uber released its report, making it the first internet platform to publish a safety transparency report. The report covers three categories of critical safety incidents—motor vehicle fatalities, fatal physical assaults, and sexual assaults—that took place during an active Uber-facilitated trip, or between parties who were paired by the Uber app within 48 hours of a completed ride in the United States. The report also highlights the various safety investments the company has made in order to prevent future safety incidents, such as instituting thorough background checks and screenings and introducing new safety technology.²⁷

Along with concerns regarding safety, consumers have increasingly demonstrated concerns regarding the quality and impact of the services and products they are using. One industry in which transparency around quality is a primary concern is healthcare. Currently, the Centre for Medicare and Medicaid Systems (CMS) requires some hospitals to submit data on process and outcome measures related to topics such as heart attack care, pneumonia care, and overall patient experience. In addition, there is a strong push and desire for hospitals to publicly report data on the number of mistakes they make, as well as the subsequent outcomes. John Hopkins Medicine is an example of an institution that is pushing for greater transparency in this regard. Such data can help consumers understand the quality of the institutions and services they are using, and thus make more informed decisions regarding their medical care.²⁸ In addition, publishing such data has been found to enable and create strong incentives for institutions to learn from their mistakes and improve quality in the future.

Sustainability reporting is another key form of reporting that has emerged based on concerns regarding quality and impact. Today, companies across dozens of industries including retail, telecommunications, consumer goods, financial services, technology, and natural resources publish sustainability reports. Although the content of these reports varies based on the company, many provide qualitative and quantitative information on how the company has impacted the environment through its operations and what strategic steps they are taking to mitigate harm going forward. Reports often include data on issues such as greenhouse gas emissions,²⁹ water stewardship, chemicals management, and waste management.³⁰ Some of these reports, such as Gap Inc.’s sustainability report, also touch on safety- and labor-related concerns such as gender-based discrimination and harassment incidents, and child and forced labor.³¹ In addition, some companies issue broader reports that outline the company’s general social impact efforts. For example, Starbucks publishes a Global Social Impact Report that includes data on how the company invests in communities they work with and promotes sustainable development efforts.³² Verizon publishes a Corporate Responsibility Report that touches on issues including disaster response, accessibility, and anti-corruption efforts, in addition to sustainability-related issues. ³³

Pharmaceutical companies such as Janssen have also begun publishing pharmaceutical transparency reports that provide qualitative and quantitative information related to the company’s investment into research & development, patient and pricing costs, and requests for clinical trial data. The company’s most recent report outlines how the company publicly discloses information about its clinical trials, publishes the results of company-sponsored trials and studies, and shares pharmaceutical, device, and consumer product clinical data through the Yale Open Data Access (YODA) Project. The YODA Project serves as an independent review panel that evaluates researcher requests for access to participant-level trial data.

Transparency reporting varies in scope and methods across industries and platforms. Building on the background provided above, the panel discussed and explained a number of similarities in the methods, and both the perceived and proven benefits of transparency reporting across industries. In addition, the panelists also highlighted that there were many similar risks and challenges associated with transparency reporting (and transparency efforts in general) across their sectors. The following section of this report breaks down the different methods, risks, benefits, and challenges discussed during the panel.

As outlined during the panel, transparency is defined differently across industries and even companies. As a result, the methods, goals, and outcomes of transparency efforts often vary.

Google’s David Lieber, for example, shared that the practice of issuing transparency reports on government requests for user data has served as a valuable mechanism for holding both governments and companies accountable for their practices related to surveillance and access to user data. In addition, Lieber highlighted the important role such transparency reports have played in informing related public policy discussions. OTI’s Spandana Singh echoed these sentiments, describing how transparency reporting on removals of extremist content and accounts by various platforms has enabled these platforms to demonstrate the extent of their efforts to combat extremist propaganda and influence online. In addition, these qualitative and quantitative data points in transparency reports have added context to ongoing public debates around the role platforms should be playing in online anti-extremism efforts. They have also served as a response to concerns from regulators, governments, and watchdog groups (including OTI) that platforms are not doing enough to secure their services from extremist groups.

For John Hopkins Medicine’s Allen Kachalia and Uber’s Rana Kortam, transparency reporting has proven to be a mechanism for sparking industry-wide improvements and changes in technology and healthcare.

As previously outlined, CMS requires some hospitals to disclose data on process and outcome measures. Some hospitals have also begun publishing such data independently. Kachalia noted that although patients do not necessarily seek out or review this data, publishing it publicly creates an incentive for healthcare providers to improve their services. In this way, transparency reporting efforts can drive industry-wide improvements in terms of standards for quality and care.

Kortam highlighted similar goals in the technology industry. According to Kortam, Uber sought to use its safety transparency report to demonstrate to users and the public how the online Uber platform interfaces with offline issues, such as road safety and sexual assault and misconduct. She noted that going forward she hopes other platforms will follow suit and release such reports, and that these companies could then collectively tackle these industry-wide issues.

Singh also highlighted the important role that transparency reporting can play in helping companies build, or rebuild, trusting relationships with their users and policymakers. For example, in 2018, both Motel 6 and 7-Eleven were found to have shared data on their guests and customers with law enforcement agencies. This resulted in a significant amount of backlash and a dip in consumer trust.³⁴ Voluntary transparency efforts by these companies could help remedy and rebuild these relationships going forward, and also highlight the scope and scale of such data-sharing efforts.

Transparency reporting is a mechanism for providing long-term transparency to users and the public about how a company operates and what impact it has on its stakeholders. However, Kachalia, Singh, and Lieber also explained the need for companies and institutions to provide short-term and real-time transparency to impacted users.

Although it is important for healthcare providers to report on any mistakes or malpractice incidents publicly, Kachalia noted that when a doctor or hospital makes a mistake, it is vital that they also notify the impacted patients and their families immediately. This often enables those impacted to mitigate the harm or to obtain closure. In addition, Kachalia also stated that as hospitals have begun providing greater real-time notice and transparency to impacted individuals, the number of claims for liability have actually dropped.³⁵ Both real-time notice and long-term transparency are integral for strengthening and rebuilding trusting relationships between providers and users.

Similarly, Singh noted that although internet platforms should publish overarching transparency reports that describe the scope and scale of their content takedown efforts, they should also be engaging in real-time transparency and mitigation efforts. In practice, she noted, this means that when a user’s content or account is suspended or removed by a platform, they should receive adequate notice explaining why this decision has been made. This notice should also be accompanied with the ability to appeal this decision in a timely manner.

Lieber also discussed the importance of providing notice to users who have been the subject of user data requests. However, he explained that in the case of government and law enforcement requests for user data, providing such notice may not always be possible, as at times, platforms may be prohibited from doing so by specific legal requirements or the scope of the legal order.

As calls for transparency are becoming more prominent across an array of industries, companies are facing increased pressure to issue transparency reports outlining the scope and scale of their operations and impact. However, many organizations and institutions have expressed concerns around the risks associated with publishing data on sensitive subjects.

For example, Kortam discussed the concerns the company had about becoming the first tech platform to release statistics and information related to safety incidents. “Safety should not be proprietary,” Kortam stated, and additionally, publishing such data should not suggest that one service is more or less safe than another. Rather, she hoped that publishing this data would encourage other companies to issue similar reports, and subsequently spark collaborative efforts to improve their services and hold each other to a higher standard of accountability when tackling safety issues.

Kachalia echoed these sentiments, stating that in terms of patient safety and quality in the healthcare industry, “if we punish everybody for putting those numbers out there, we’re never going to get better.” Rather, providers should publish these numbers so that patients and industry professionals can better understand risks and then begin working together to improve outcomes and scenarios.

As described in this report, there are currently a number of entities that are required by law to publish transparency reports. However, there are also a range of organizations and institutions that issue transparency reports on a voluntary basis. The panelists did not discuss which approach would be more valuable or preferable. However, Singh and Kortam both noted that voluntary reporting efforts are a useful mechanism for companies to provide greater transparency and accountability around their operations and impacts, and develop trusting and open relationships with their users and policymakers.

Today, many governments around the world are considering mandating that internet platforms issue transparency reports on areas such as content removals, so this will be an issue area to watch going forward.

One of the primary challenges related to transparency reporting that all of the panelists highlighted was how difficult it is to ensure standardization in reporting across an industry.

For example, Singh noted that one of the greatest challenges associated with evaluating how internet platforms are moderating and removing content is the fact that their transparency reports vary in terms of the metrics and data points they disclose. As Singh explained, this variance in reporting occurs for a number of reasons. First, internet platforms often have varying policies on content removal, sometimes even among their own products. As a result, reporting on exactly the same metrics is often challenging. Further, there is an ongoing debate between platforms regarding what meaningful transparency around content takedowns looks like. As a result, different platforms will report different metrics and data points based on their own understanding of meaningful transparency. While this provides researchers, policymakers, and the public with a range of valuable metrics, it makes comparing company efforts and outcomes difficult. Kachalia described similar concerns around standardization in the healthcare industry, stating that most hospitals have varying determinations of what metrics and data points should be disclosed, and how they should be measured. These variations have hindered effective comparisons of institutions. In addition, Lieber highlighted that legal obligations often complicate such reporting further, as some platforms may be impacted by regulations more than others, and this can impact their reporting.

Standardization is also an issue that Uber grappled with when crafting their safety transparency report. As Kortam discussed, when Uber began working on creating their safety report, they realized that there was no existing way to consistently classify and report on the types of incidents of sexual violence and sexual misconduct that their users were experiencing. In order to remedy this, Uber partnered with the National Sexual Violence Resource Center and the Urban Institute to develop a taxonomy for categorizing and counting incidents of sexual violence and sexual assault consistently. The company then applied this taxonomy to past safety reports they had received from drivers and users in the United States. In the spirit of encouraging other companies to report and to issue similarly standardized reports, Uber made this taxonomy open source, so other platforms can adopt and apply it.

Organizations such as OTI have released recommendations for how companies can improve and standardize their transparency reports. As noted in the background section above, OTI has published two transparency reporting toolkits, one on government requests for user data and another on content takedowns. These toolkits survey how internet platforms and telecommunications companies have been reporting on these issues thus far, and offer best practices for ensuring that future reporting is standardized, granular, and meaningful. In addition, in 2018 a coalition of organizations, advocates, and academics including OTI, released the Santa Clara Principles on Transparency and Accountability in Content Moderation. The principles outline minimum standards related to transparency reporting, providing adequate notice, and providing a robust appeals process that internet platforms should meet when seeking to provide transparency and accountability around their content takedown efforts.³⁶ Thus far, several platforms have incorporated these recommendations into their reporting.

However, Kachalia also stressed the need for both flexibility and guidance when shaping transparency reporting. He warned that offering entities a predetermined “checklist of metrics” could prevent them from innovating and sharing information using other meaningful metrics. As a result, companies should work to craft their own meaningful standards for reporting as well.

Another major hurdle related to transparency reporting that panelists discussed was that there are significant challenges associated with creating meaningful and useful transparency reports that are also comprehensible for a general audience.

According to Kachalia, although there is a push for hospitals and healthcare providers to publicly share outcome data, this data is irrelevant unless providers can ensure that patients and the general public understand what this information means. Similarly, Singh described how transparency reports issued by technology companies are typically packaged so that they are of the most use to researchers, journalists, and policy-focused professionals, rather than users. Panelists noted that platforms therefore also need to think through how they can package these data points and insights in a manner that is valuable for users.

In addition, Kortam and Singh noted that across industries and issue areas, there is a push for transparency reporting efforts to be coupled with information around what companies are doing to subsequently improve their products and services. Kortam, for example, described how while developing the safety transparency report, many external stakeholders (such as civil society groups and organizations focused on sexual violence and sexual misconduct issues) pushed Uber to use the report as a way to also explain what the company was doing to prevent future safety incidents. Similarly, Singh echoed these points and stressed the need for companies to engage with such external stakeholders and experts in order to develop a more nuanced understanding of what a meaningful and useful transparency report looks like, both in terms of metrics and data reported, and in terms of the supplementary information provided.

Finally, the panelists also described a range of procedural and logistical challenges that often arise when a company or organization seeks to issue a transparency report or engage in a similar transparency effort.

As Lieber highlighted, the practice of issuing regular transparency reports is a long-term commitment that requires a significant amount of engineering and human resources. In addition, Kachalia explained that in the healthcare industry, most electronic systems have been designed to be transactional, rather than to foster data collection and extraction and performance evaluation. As a result, getting data out of these systems, both for mandatory reporting such as the CMS required reporting and voluntary reporting, has been challenging. Kortam shared experiences of similar challenges at Uber, prompting the creation of the taxonomy that the platform now uses. She also described the immense number of resources it took to retroactively apply this taxonomy to reports the company had received in the past.

As highlighted in this report, transparency reporting has emerged as a valuable practice for companies and organizations across a number of industries. These reports enable the public and policymakers to hold these organizations accountable for their policies and practices and provide important qualitative and quantitative insights to stakeholders. Although transparency reporting does come with some challenges, related to for example, risks and standardization, the practice has significantly transformed what meaningful transparency and accountability looks like in numerous sectors. Going forward, we hope to see more companies across more sectors adopt this practice.