Mixed traditions: evaluating telecommunications transparency

: This article draws upon academic and civil society literatures to create a framework for assessing the effectiveness of telecommunications transparency reports on government requests for information within Canada, the United Kingdom, and the United States. Our analysis suggests that effective reports are targeted, in that they embody both verifiable and performative approaches to transparency, and also are sustainable, insofar as they evolve in their scope and structure while remaining regularly published. Emergent from this evaluation, we can better explain why different companies, in different jurisdictions, demonstrate variation in their adoption of effective transparency reporting practices over the last decade.


Introduction
Over the last decade telecommunications companies (hereafter: telcos) such as AT&T and Verizon have published transparency reports that denote how often government authorities request and receive information about the respective companies' subscribers. In 2012, only two technology companies worldwide published transparency reports; in 2020, that number reached 71 (Access Now, 2020). A number of researchers have questioned what characteristics define a robust transparency report (Weil, 2013;Pava, 1997;Parsons, 2019). Their work has been complemented by civil society groups, such as Ranking Digital Rights and Access Now, that have developed scoring systems to compare and evaluate the quality of transparency reports from year to year (Reitman, 2017;Rodriguez and Alimonti, 2019;Access Now, 2020;Ranking Digital Rights, 2019). However, whereas academics have tended to focus on the underlying theories of how reporting systems can improve accountability, and practitioners on what needs to be done soonest to rectify information asymmetries between companies, government and citizens, no work has proposed a way of systematically assessing telecommunications transparency reporting by way of integrating academic insights directly alongside practitioner contributions. This article fills that gap. This article begins by discussing how academics and practitioners have framed what constitutes a transparency report that significantly reduces information asymmetries between public and private stakeholders. Emergent from that literature, we outline a framework for assessing transparency reports which are produced by telcos. After collecting and assessing transparency reports published from 2013 to 2020 in Canada, the United Kingdom, and the United States we find that it is not just the granularity of a report's data or the regularity at which reports are produced that determines the extent to which reporting can correct information asymmetries, but the degree to which these reports are deliberately designed to best facilitate formal and informal accountability regimes. We conclude by discussing the broader conclusions of our results for corporate transparency reporting, generally, and for telco reporting, specifically.

-Background
Transparency is a richly contested concept, with transparency literatures tending to focus on the information that is shared by a given organisation and that information's quality and the ability for it to be acted upon (Albu and Flyverbom, 2019;Eigffinger and Geraats, 2006;Bushman et al., 2004;Fung et al., 2007). These focuses are sometimes aimed at explaining the merits of transparency practices or systems, and how they might correct information asymmetries, whereas in other cases scholars argue that theorised or in-practice transparency systems constitute a kind of "hall of mirrors" that serve to exacerbate, as opposed to ameliorate, information asymmetries (Johnson and Regan, 2014).
Corporate surveillance transparency reports are at the heart of this debate. Seen by organisations as ways to disclose government surveillance practices (Losey, 2015), the reports tend to be presented as a means to mitigate asymmetries which have been created by government activities that are concealed from public accountability (Parsons and Molnar, 2017). Many such reporting functions have a tendency to shift and evolve over time as new crises arise when an organisation's transparency practices are truly sustainable (Fung et al., 2007) or, to put it another way, organisational reporting templates can be updated if a practice of transparency is deeply embedded in an organisation's internal culture. At the same time, a perfect practice of corporate transparency is unlikely because it is challenging for external stakeholders to assess how, and why, unregulated reports are truly generated the way that they are. However, in the course of conducting such analyses, researchers can try to assess the extent to which these reports constitute either 'verifiable' or 'performative' reporting practices, or some combination, and from such analyses assess whether organisational reporting constitutes a living and sustainable practice that is designed to correct information asymmetries over a period of time that extends beyond one crisis or another.
With more specificity, Albu defines verifiable practices as "a matter of information disclosure" that over time improves the quality of reporting practices (Albu and Flyverbom, 2019), whereas performativity entails a process that is defined by the "perpetually dynamic nature" of an organisation's transparency (Albu and Flyverbom, 2016, p. 17). So whereas the former may focus on the specific data of a report such as the number of persons affected by a class of government request, the latter may focus on the extent to which the act of transparency demonstrates a cultural practice of transparency in a given organisation such as by explaining how an organisation manages government request processes. While these conceptualisations can be contrasted against one another, they can potentially both be integrated into transparency reporting documents such that reports can both satisfy conditions of verifiability and performativity alike, as discussed in section 2.1 and 2.2. Ultimately, the transparency that is evoked through verifiable or performative purposes operates as a prerequisite for accountability; transparency and accountability are distinguishable-if intrinsically linked-concepts (Mulgan, 2000) on the basis that transparency may involve the revelation of information whereas ac-countability often involves a compulsory revelation of such information as well as subsequent formal or informal responses to what has been revealed.
A breadth of civil society and academic groups have principally sought to assess the verifiability of corporate transparency reports. Their focus, however, on verifiable facts may potentially lead to distorted assessments of corporate behaviour on the basis that presented facts may conceal corporate attempts to coach governments in how to access data in the first place (Morin, 2015;Seglins, 2016) or be used to enable a company to control its public image by concealing information that is damaging from a legal or public relations standpoint (Wayland et al., 2012;Chiu, 2010). Alternatively, neglecting verifiability in favour of performativity is equally flawed because the latter relies on the former as a foil. Together, they reveal deeper insight into the reporting organisation's practices.
Together, verifiable and performative transparency practices can create an "action cycle" between external stakeholders and the disclosing organisation, as the former critiques the organisation's transparency reporting practices and the latter embeds the critique within their disclosing practices, beginning the cycle again (Fung et al., 2007;Fung 2013). This action cycle is an essential prerequisite for what Fung et al. (2007) regard as "effective targeted transparency" because the cycle prioritises and shapes company action around the needs of users and other external stakeholders. However, as Fung et al. note, the effectiveness of this cycle hinges on its sustainability. Transparency reports must "gain in use, accuracy, and scope over time" (Fung, 2007, p. 210). By embodying verifiable and performative transparency practices that are sustainable, effective targeted transparency reports enable the most avenues for stakeholders to catalyse accountability.

-Methodology
We evaluate the effectiveness of telco transparency reports by assessing the extent to which reports address information asymmetries between disclosing organisations and stakeholders. We conduct a cross-national survey of reports to assess These companies serve as substantive representations of how leading organisations operating in these ICT markets manage their transparency efforts (Flyverbom, 2020). In all cases, we examined all of the telco reports from their year of initial publication to their most recent disclosure at the time of writing, which was June 2020.
We draw upon the works of academics such as Fung (2013), Haack (2012), Mcconnell (2010), Mulgan (1997), Pava (1997), Weil (2006) (Cardozo et al, 2014;Reitman, 2017), the EFF's global partners (Rodriguez and Alimonti, 2019), New America (Woolery, 2016), Access Now (2020), Ranking Digital Rights (2019), and our past work (Parsons, 2016). Together these authors form a cohesive literature with which we are able to establish a set of metrics for assessing the verifiability and performativity of corporate transparency reports published in Canada, the United Kingdom, and the United States. These case studies are far from all encompassing. Telecommunications transparency is a global issue, documented and analysed by a rich community of authors (Samaro and Hussaini, 2020;Rodriguez and Alimonti, 2019;Article 19, 2017). Our goal is to present a methodology that has applicability beyond the scope of our three case studies.
Our metrics assess five criteria that account for verifiable and performative approaches to transparency: granularity, availability, confirmability, internal signalling, and external signalling. In the following subsection, we define each of these criteria and how they may be instrumentalised to assess transparency reports. The assessment process lets us assert whether reports fulfil (meets 75%-100% of category criteria), partially fulfil (meets 50-74% of category criteria), or do not fulfil each assessment category (meets 49% or less of category criteria). Table 1 provides a template which can be used to score an organisation's transparency report(s). Table 2 showcases the scores given to each telco.

-Granular
A granular reporting system provides data which robustly details the degree to which governments request user information from a given organisation, to what degree that organisation acquiesces to these requests and the extensiveness of such requests. The information serves as a basis to assess how a company's reported business practices, such as processes of receiving government warrant requests, reflect the reality of receiving and responding to such requests. We assess the granularity of a report based on whether it discloses: the exact types of legal requests which a company receives and the information sought by such requests; the number of requests within each type; how many of these requests resulted in the disclosure of customers' data; how many customers were affected annually by each class of request (Woolery, 2016;Reitman, 2017;Parsons, 2016).

-Available
Availability is a prerequisite for effective transparency (Fung, 2013;Ranking Digital Rights, 2019) insofar as there must be a public record of a company's transparency reports and the data these reports contain. As we apply it, a report is available when it is regularly published by a company and the company maintains a dedicated webpage which hosts its past reports or relevant data sets (Woolery, 2016).

-Confirmable
Verifiable transparency initiatives fundamentally serve as "a positive and effective means of regulating behaviour" (Albu and Flyverbom, 2019, p.15) and, thus, an effective report should give users and other stakeholders some agency or awareness over how law enforcement requests could impact the privacy of their data. We instrumentalise confirmability by assessing whether: an organisation affirms in its transparency report that it will notify customers in the event their information is requested by law enforcement (Woolery, 2016;Suzor, 2019;Reitman, 2017); provides additional mechanisms through which a consumer can clarify information asymmetries (e.g., including providing the contact information for internal privacy officers, local public privacy officials, or the organisation's law enforcement liaisons, or enabling individuals to determine whether they have been subject to a law enforcement request and what additional steps they might take) or control how their information is held and used, and what steps individuals can take to guide how the host organisation makes use of their data (Kerry and Chin, 2020).

-Internal signalling
Organisations' transparency systems must provide details or courses of action concerning how an organisation responds to requests for privately held data. Internal signalling captures practices that provide insight into how transparency practices have been embedded into an organisation and help an external stakeholder assess the processes governing firms' data processing practices, including the information they retain about individuals as well as decisions to disclose information to gov-ernment agencies.
More specifically, we instrumentalise 'internal signalling' by assessing whether a company's initiatives include incorporating or providing links to the organisation's privacy policy (Kerry and Chin, 2020); clarifying what internal mechanisms are in place for processing requests for information (Reitman, 2017); and structuring information in a manner which conveys narrative about a company's rationales or justifications pertaining to how it has developed data handling practices or processes. Such framing transforms the report "into a story about company values, policies, and user trust" (Woolery, 2016).

-External signalling
The external signalling criterion captures the external systems that the disclosing organisation is connected to, and which may influence how a given organisation processes government requests for user information. So whereas internal signalling denotes the processes an organisation has developed to manage subscribers' information, external signalling captures the policies and regulations external to an organisation which may dictate some of the ways in which it handles or discloses subscriber information.
To fulfil this criterion, a company's transparency report must: make clear which legislative frameworks may be used to request data from the organisation, as well as their broader relationships with law enforcement bodies, and government entities, and other third parties (Woolery, 2016;Suzor, 2019;Ballard and Alimonti, 2019); either directly link to a law enforcement portal, operational guidelines, or offer an explanation of the process which these entities must undergo in order to submit requests for information on the company's users (Woolery, 2016); provide the aforementioned clarifications for all markets in which the organisation operates (Losey, 2019); and clarify how third-party organisations that may supply services are, themselves, subject to demands from state actors (Reitman, 2017). Transparency practices associated with external signalling thus illustrate how individual organisations' transparency efforts are impacted by external requirements transparency, as well as those of their partners and suppliers.  Of the telcos assessed, only AT&T, Verizon, and Telefonica reports fulfilled all of the designated granularity criteria. These organisations listed the number of customer selectors which were associated with a particular category of request (e.g.

-Granularity
National Security Letters, Foreign Intelligence Surveillance Court warrants, or all lawful interceptions in the case of Telefonica). All other telco reports failed to meet more than one of the four stated criteria and, thus, only partially fulfilled this category. Shaw and Telus were the weakest performers because their reports were less specific than competitors' , and only fully satisfied one of the stated criteria and thus did not fulfil the category. Shaw not only lacked extensive subcategories for the court orders they received but, also, reported their requests in bundles of 0-100 which prevented readers from gaining meaningful insight into the company's reported metrics. Whereas Verizon provided rough percentages for how many customer selectors were associated with individual government requests, the number of requests reported by Telus were not representative of the number of customer selectors impacted by those requests, a fact the company acknowledges (Telus, 2019) and therefore inhibit deeper assessments of the scope of government requests. Telus' reports, similar to Shaw's, also lacked extensive subcategories for the court orders they received. Of note, while UK telcos were restricted from disclosing statistical data on lawful interception warrants due to Section 82 of the Investigatory Powers Act 2016 (IPA) they still provided data on requests submitted by non-UK governments to partially satisfy our criteria.    The only telcos which fully satisfied all of the criteria that were set out to assess confirmability were Rogers and TekSavvy. Of the entire field of telcos assessed, six partially satisfied the criteria, with Sasktel, Shaw, AT&T, T-Mobile, and Comcast failing to even partially fulfil the criteria. We found that ten reports failed to either directly acknowledge their user notification policies within their reports or, in Sasktel's case, flatly stated that the organisation will not notify their customers in the event that a government agency makes a request for a subscriber's information. Of note, the two telcos that completely fulfilled this category included a range of consumer accountability mechanisms in their reports, such as their identification of internal and government privacy officers (Rogers) or engaging directly with civil society critiques (TekSavvy), as well as committing to their discussion of user notification where legally permitted.  their privacy policies or information derived from those policies comprehensively into their transparency reports. Eight of the thirteen telcos adopted a narrative approach when crafting their reports that involved discussing improvements made in regards to past reports (e.g. TekSavvy) or identifying new relevant legislation or court rulings (e.g. T-Mobile), while the reports of Shaw, Videotron, AT&T, and Comcast failed to adopt a narrative structure within their reports. These efforts signal each organisation's values and intent in the process. Together, this meant these companies created more opportunities for external stakeholders to highlight when these declared values were at odds with their actual actions.   Telus indicate the importance of performativity criteria in generating their corpo-rate transparency on the basis that these companies decided to present internal and external signalling to contextualise and clarify the processes which govern information disclosure (Albu and Flyverbom, 2019). This feature is not shared by other Canadian telcos. In addition, these three Canadian companies' reports are those most regularly published. In aggregate, these features suggest that transparency has become embedded in the fabric of these three organisations (Weil, 2006). However, while the individual reports published by these organisations demonstrate key aspects of targeted transparency defined by our criteria, they do not all demonstrate the same degrees of sustainability by adapting reporting practices in response to new issues, such as copyright takedowns. Furthermore, the Canadian competitors of these three companies have not followed suit, raising broader questions as to whether sustainability is integrated into the Canadian telco market writ large.

-Canada
More specifically, TekSavvy's reports have changed in scope and structure over the  (Rice, 2016). In contrast, Telus's reports have not changed substantially over time and instead maintained the same low level of granularity since their first publication (Telus, 2016). This suggests that the company has embedded the information as part of its Corporate Social Responsibility (CSR) procedures-designed to explain how it engages with a very particular subset of activities over an extended period of time-as opposed to developing a culture of targeted transparency reporting that changes over time in response to pressures placed externally or internally on the organisation.
Given that most companies in Canada began publishing transparency reports before Industry Canada (now the department of Innovation, Science, and Economic Development) promulgated its own guidelines, and because the government guidelines are non-compulsory, the companies which had already begun publishing reports and standardised internal processes for publishing their reports may have been disinclined from adopting the government-approved standard. The noncompulsory nature of these reports has led some leading telcos, such as Bell Cana-da, to refrain from publishing transparency reports altogether. Others, namely Shaw and Videotron, justified their disclosure of data on user requests in bands of 0-100 instead of exact numbers by referring to the government guidelines, without then adopting the guidelines in their entirety. Their partial adoption of the government guidelines renders the disclosed information ineffective given that the bands (e.g., 0-100 requests made) fail to clarify whether any information is disclosed in a given reporting period and, in the process, only gives the illusion of transparency (Johnson and Regan, 2014) by seeming to report on the government requests they receive without clearly stating whether they have received a single request at all.
These features suggest that while some Canadian telcos, such as TekSavvy, publish transparency reports that are both targeted and sustainable (Fung, 2006), the same is not true of the Canadian market at large. Through the lens of verifiability, the effectiveness of Canadian transparency reporting is lacking insofar as companies' reports routinely fail to fully provide "accurate and sufficient information to serve the purpose of providing clarity" (Albu and Flyverbom, 2019, p. 15). However, from the perspective of performativity, the progression of transparency reporting practices of Canadian telcos holds some promise. Of note, Shaw and Videotron have only recently started publishing their reports as of 2017 and 2016, respectively, and so future assessments may reveal that they have adopted embedded transparency practices (Haack, 2012). Furthermore, based on our analysis Canadian telcos tend to perform well with regards to the criteria of confirmability and performativity as compared to their US counterparts. This suggests that with added pressure, either from the public and their advocates or through competition (Sirsly, 2019), Canadian reports might become more effective as Canadian telcos engage with these stakeholders and one another, with the effect of creating an ongoing action cycle and, through it, greater accountability (Weil, 2013).

-UK
Our findings suggest that while UK telcos were restricted from disclosing statistical data on lawful interception warrants due to Section 82 of the Investigatory Powers Act 2016 (IPA), UK telco transparency reports still exhibit key aspects of targeted transparency reporting (Dingwerth and Eichinger, 2010). These restrictions may even have positively contributed to UK reports' greater performativity, on the basis that firms sought out other avenues to demonstrate their commitment to users' privacy (Soghoian, 2011). Within their reports, BT and Telefonica illustrate their relationship with law enforcement and governments in each of the markets in which they operate. Vodafone, similarly, published a 2016 legal annexe that was 147 pages long and which detailed how their transparency reporting practices were affected by the legal regimes of the markets within which they operated.
Such information establishes ceilings and floors on what assistance a given corporation will provide law enforcement agencies (Adu-Appiah et al, 2018). In states where government surveillance law and practice are opaque, reports with strong external transparency may formalise opaque agreements made with government entities and may even reveal the state's surveillance capabilities (Vodafone, 2017).
However, the approaches taken by these companies have significant implications for the sustainability of their reports. Vodafone has not published a "Law Enforcement Disclosure Statement" since 2015 (Vodafone, 2017). BT Group released its 2019 "Privacy and Free Expression" report after a four-year gap in its reporting (BT, 2020). Their current structure is not conducive to regular publication. An annual legislative review akin to Vodafone's 2016 legal annexe or the repeated explanation of UK government investigatory powers offered by BT's 2016 report may be regarded as redundant given the slow evolution of these features over time. This does not lessen the necessity for regular disclosure of the more dynamic information (especially those regarding confirmable and performative approaches to transparency), contained within transparency reports. Furthermore, the failure to provide even minor frequent updates suggests that UK firms may regard transparency as a static achievement, when in truth transparency arguably only exists in the doing of it (Albu and Flyverbom, 2019). BT has significantly restructured its most recent report, which now mentions the investigatory powers and content blocking carried out in the 21 countries in which it operates. Time will tell if this is indicative of a more sustainable reporting tradition.
Telefonica's ability to regularly publish detailed reports stands in contrast to the reporting practices of Vodafone and BT Group. Since 2016, they have published similarly targeted reports in a manner that demonstrates that the company has embedded reporting principles in its corporate culture and, thus, indicates a stronger commitment to the longevity of the reporting than their competitors. The scope and structure of Telefonica's reports have changed over time, adopting stronger verifiable and performative approaches to transparency, such as more granular interception typologies (Telefonica, 2020, p. 19) and robust explanations of the company's governance structure (Telefonica, 2020, p. 4). Much like Canada's Telus, the sustainability of Telefonica's transparency reports is bolstered by the company's broader holistic CSR efforts that it has pursued for over a decade (Richards and Wood, 2009) though it varies in that Telefonica has continued to innovate on its reporting, suggesting that the company is integrating targeted transparency approaches into its CSR processes. The result is an effective reporting tra-dition that distinguishes Telefonica from its UK competitors.
Ultimately, however, the disparity between UK companies suggests that the current reporting practices of UK telcos are not uniformly sustainable on the basis that the practices haven't self-evidently embedded themselves within the market writ large. Thus, while the transparency approaches of UK telcos constitute a distinct reporting tradition which exhibits noteworthy features, namely with regards to their performativity, such practices have yet to take hold in the UK market.

-US
US telcos broadly have integrated high degrees of granularity and availability into their reporting structures, and their scope has expanded to reflect the concerns of external stakeholders. AT&T now provides information on how its subsidiaries in Central and South America receive and process government requests for information (AT&T, 2020, p. 8). After facing sharp criticism (Reitman, 2017), Verizon now stipulates within its reports that it will explicitly notify their users of third-party requests for their information when not prohibited by the law. These characteristics suggest that existing transparency approaches within these organisations are sustainable.
However, the manner in which US companies' reports express verifiability and performativity vary significantly, with holdouts such as Comcast possessing the least targeted reports of those examined in this analysis, despite the company regularly publishing reports. One thing that all the telcos share is a lack of confirmability insofar as many do not offer strong promises to notify their customers. And, unlike many telcos in other markets, US telecom companies do not provide many avenues for users to clarify the status of their information nor processes by which they can further clarify information asymmetries that exist between themselves and the company. This is compounded by the spotty internal signalling of these reports and in particular their lack contextual and narrative framing that might clarify changes in their metrics or practices (e.g., AT&T, T-Mobile, Comcast) or their insufficient integration of company privacy policies (e.g., Comcast, Verizon). To at least some extent, this may be the result of the United States having a 'mosaic approach' to privacy (Levin and Nicholson, 2005) which has led to Americans lacking many of the data and privacy protections that are enjoyed by Canadians and Europeans.
Our framework identified features that showcase whether a company is sufficiently fostering transparency in a manner that enables accountability. The remaining faults it identifies can still have significant consequences. Of particular note is that US telcos failed to account for the regulatory frameworks of markets outside the United States. AT&T, which reports on the activities of its subsidiaries in Central and South America, was the lone exception, despite Comcast's purchase of Sky and its UK holdings (Gartenberg, 2018), T-Mobile's ownerships by Deutsche Telekom (Leigers, 2020), and Verizon's numerous subsidiaries abroad (Kushnick, 2018). This absence of information has and will continue to have lasting consequences for the ability of non-American stakeholders to hold American companies accountable for their activities. Telco transparency reports can reveal novel information on international markets, especially of repressive regimes where government transparency is lacking (Hovyadinov, 2019), such as Vodafone's illustration of the surveillance capabilities of the governments with which they interact (Vodafone, 2016). US telcos could publish information about the nature of government surveillance activities, and the reporting practices of Telefonica illustrate how such information can be sustainably communicated in transparency reporting. These disclosures provide meaningful insight to consumers and other stakeholders about how companies handle their personal information and communications.
Telcos arguably have an obligation to embrace performative reporting practices that match the international significance of their services. At best, their absence reflects a desire to cut down on the number of regulatory jurisdictions with which they must comply (Porter, 2020;Brasseur, 2020;Greenberg, 2003). At worst, they embody a disregard for countries that are either outside the global north or represent a fraction of the company's customer base (Lafrance, 2016;Hern, 2018). Precluding the reach of transparency and accountability to other countries in this manner can have dire consequences, especially in the wake of crises as external stakeholders inevitably critique the absence of transparency (Reuters, 2020). Furthermore, by having multiple companies present their understanding of obligations under foreign law, it is easier for external stakeholders to assess where there are common best, or worst, practices that should be raised in either local or international advocacy efforts. Therefore, while a company may adopt an effective targeted transparency tradition, it must continue evolving to encompass new and unforeseen issues as they arise.

Contrasting reporting traditions
The transparency approaches adopted by many Canadian telcos demonstrate greater confirmability and performativity than their counterparts in the US, offering Canadian customers greater agency over their data as well as contextual information regarding how it is managed. This aligns with Canadian business' historic use of privacy practices as a way to improve their relationship with customers and protect against internal mismanagement of data (Levin and Nicholson, 2005, p. 381). However, US telcos, in turn, boast reports with strong verifiability. This emphasis and lack of performativity reflect not only a traditional distrust of the government and a desire to quantify its requests for information, but also the leniency afforded to private companies and their focus on avoiding regulation instead of addressing asymmetries between themselves and their customers (Levin and Nicholson, 2005, p. 352). Telcos in the UK do not share this emphasis on verifiability, but instead, embody performativity that rivals Canadian reports. This reflects the focus of British jurisprudence on privacy as an issue of dignity rather than political liberty and that misuse of data by private companies is of greater concern than domestic government surveillance (Levin and Nicholson, 2005, p. 390).
These underlying biases may ultimately drive how transparency traditions mature over time and what types of accountability they will engender. In Canada, transparency reports allow customers to hold telcos accountable for how their data is handled internally. The strength of these reports ultimately comes down to internal advocates and the degree to which each company prioritises transparency. This may explain Bell Canada's continued refusal to publish a transparency report in favour of a detailed Privacy Policy. Without strong buy-in at the industry level, it falls to the individual organisation to adopt substantive transparency reporting.
Alternatively, the evolution of US telcos has been driven by a desire to hold governments accountable for excessive surveillance (Sanger and Perlroth, 2014), but less attention is paid to how customer information is handled internally. This approach allows stakeholders to critique the degree to which US telcos are proxies for government data collection, but it is less capable of giving users better insight into or control over how their data is managed by the organisation. Telcos in the UK are the opposite, offering little information on the domestic collection of data by the government, but instead giving detailed information on how each company manages its users' data as well as how the company interfaces with governments abroad. Stakeholders can use this information to question how UK telcos define and interpret the law at home and abroad, but not the degree to which they serve as proxies for government surveillance in the UK.

-Conclusion
As the face of transparency reporting continues to change, further research will be required. There are a number of issues that were beyond the scope of this analysis but that merit further study. First, it remains unclear to what extent the complexity of internal governance structures and strategic positioning contributed to the development of corporate transparency reports. The companies examined within this study represent only part of the wider market and are not necessarily representative of what some characterise as the decline of transparency reporting (Pegoraro, 2019;Libby, 2019). Second, our analysis did not measure corporate ratification of CSR principles and collectives, which has been correlated with stronger CSR practices (Perez, 2019). Nor does it touch on companies' willingness to publicly challenge legislation which threatens consumers' rights to privacy (Reitman, 2017).
Third, the focus of this analysis is limited to three English speaking global north countries. A comparable analysis of additional markets is sorely needed, especially given the rich debates over telco transparency being held around the world, and the influence that multinational firms have on the practices of their local competitors (Rodriguez and Alimonti, 2019;Matsakis, 2020;Karanicolas, 2016;Sakamaki, 2019;Samaro and Hussaini, 2020). Finally, and perhaps most significantly, our assessment of efficacy stopped short of analysing the extent to which effective reports contributed toward corporate or government accountability: future work must take up a subsection of the reports we analysed, and subsequently assess whether effective reports genuinely provide information that leads to accountable practice.
The methodological framework we have developed makes it easier to assess within and across sectors whether companies' transparency reports meet baseline criteria for being an effective transparency report and, as such, whether they are likely to possess key characteristics that demonstrate whether a company has internalised transparency as a corporate value while enabling external stakeholders to better hold corporations accountable. Given the exponential rate at which we all generate data for transport, storage, and analysis by telcos, it behoves researchers to find ways of systematically and critically evaluating the information about data governance that is published by companies, as well as to better integrate the insights of practitioners who are on the front lines of encouraging better corporate data governance. We hope that this analysis and framework continues to fuel the ongoing discussion about what constitutes an effective transparency report and demonstrates the importance and value of bridging academic and practitioner literatures and frameworks.