Case Study #3: Transparency Reporting

Photo: Shutterstock

What is Transparency Reporting?

Since 2010, as internet and telecommunications companies have worked to build user trust and set themselves apart in competitive and growing industries, one tool in particular has become increasingly common: the transparency report. By publishing aggregate data about government requests for user data, government demands to remove content, and intellectual property-related takedowns, transparency reports offer companies a public-facing opportunity to showcase their values and commitments to protecting user rights. These reports might be thought of as an extension of existing corporate social responsibility (CSR) practices, and like other CSR practices, transparency reporting provides companies an opportunity to put corporate values into practice and on display. Transparency reports, like other CSR practices, are not government- or industry-mandated; instead, their emergence has been organic and voluntary.

Emergence and Adoption of Transparency Reporting

Transparency reporting by internet companies first emerged in 2010 when Google published its first report, focused on government requests for data and for content takedowns both in the US and internationally. China played a key role in that decision, just as it played a key role in Google’s first-mover offerings of transit encryption by default and two-factor authentication; so too did Google’s desire, shared with a range of companies and privacy advocates, to reform the U.S. law governing when the police could demand data from online service providers.

Over the next three years, a slow trickle of major companies like LinkedIn and Microsoft followed Google’s example—including Twitter, where former Google employees sought to build on their original employer’s work. However, the practice didn’t truly become a standard until Edward Snowden’s revelations in the summer of 2013 about NSA surveillance prompted a crisis in consumer confidence around U.S. companies' handling of private data. To address that crisis, within a year of the Snowden leaks, almost all of the major online service providers—and, for the first time, phone and cable companies—were publishing detailed reports about government demands for data.  This explosion in reporting was concurrent with a major legal and political fight where the Internet industry and privacy advocates joined together to demand that companies be allowed to publish basic numerical data about the national security-related requests they received from the U.S. government, ultimately leading to transparency reforms in the USA FREEDOM Act of 2015.

With the Snowden revelations accelerating the rate of adoption, transparency reporting has gone from something only one company did in 2010, and which only a small handful of companies did before the summer of 2013, to a standard best practice that has been adopted by over fifty U.S. internet and telecommunications companies as well as a growing number of international companies.

As transparency reporting has become a standard practice in the internet industry, certain features have become standard as well. The most consistent feature across all transparency reports is a section on government requests for user or customer data. This is no surprise given the close ties that the emergence of transparency reporting has with the Snowden revelations. However, other sections have also become standard in many companies’ reports. For example, a vast majority of internet companies now report some information on Digital Millennium Copyright Act (DMCA) takedowns. Another increasingly common feature of transparency reports is inclusion of data about government requests to remove content. However, no companies are yet publishing comprehensive data about the content they take down based on their own terms of service, although demand for such reporting is growing.

Key Factors Spurring Adoption of Transparency Reporting

Several factors—including the human rights threat coming from China, the desire to reform electronic privacy law in the U.S., and calls for transparency from human rights and privacy advocates—helped spur the birth of transparency reporting. However, the most powerful factor spurring the widespread adoption of transparency reporting was obviously the Snowden revelations. While several companies were already engaged in the practice, following mid-2013 there was an order-of-magnitude increase in the number of companies publishing regular transparency reports. Each new company adopting the practice put pressure on its competitors, leading to a domino effect ending with near-universal adoption in the American internet industry.

The influence of civil society organizations both before and after Snowden, however, cannot be overestimated. Especially influential was the Electronic Frontier Foundation’s “Who Has Your Back?” project, a scorecard that since 2011 has ranked internet companies in terms of their privacy and free speech-related policies, including whether or not they issue a transparency report. This effort—and newer efforts like the global Ranking Digital Rights Corporate Accountability Index—added fuel to the competitive fire among companies seeking to rebuild international consumer trust after Snowden.  Meanwhile, post-Snowden changes to the law gave companies new latitude to publish data about national security requests that previously they had been forbidden from sharing, which further encouraged the publication of reports. And international companies are now under growing pressure to issue reports, as major companies like Deutsche Telekom and Vodafone have adopted the practice and international multistakeholder bodies like the Freedom Online Coalition advocate for widespread adoption of the practice.

Looking Toward the Future of Transparency Reporting

Over fifty U.S. internet and telecommunications companies have taken up transparency reporting in the handful of years since Google released its first report, and with each iteration, many companies have added new features, content, and data points. Though it is hard to predict what the next generation of transparency reports will bring, there are a few areas that may see increased attention in the future, namely: terms of service (TOS) enforcement and greater standardization across reports.

Notably absent from nearly every single transparency report is information about TOS enforcement. Until July 2015, when Etsy published its first transparency report, no company was reporting any data on the enforcement of internal policies. Since then, the only other company to share data about TOS enforcement as part of its transparency report is Twitter, which in February 2016 added information about certain types of content removed due to violations of the platform’s policies. Especially due to concerns about extremist content online, transparency around internal policies that impact users’ freedom of expression is becoming increasingly important, and there is growing pressure outside the industry—and, hopefully, some desire inside the industry—to offer that transparency sooner rather than later.

Meanwhile, although transparency reporting has flourished in recent years and companies have experimented with innovative and new approaches to reporting, the practice has also suffered from a lack of consistency that has limited reports’ usefulness. Due to different accounting and reporting practices, and a lack of clarity about exactly how companies are counting or defining certain terms, it is difficult for data across companies to be compared or combined. As a result, there has been a growing call for companies to start standardizing how some of the most common transparency reporting features are deployed. One representative effort is the Transparency Reporting Toolkit designed by the Open Technology Institute and the Berkman Klein Center For Internet & Society, which offers a model standardized reporting format based on an extensive survey of the best practices in the field.

Transparency Reporting