Transparency reports as CSR reports: motives, stakeholders, and strategies

Purpose – The purpose of this study is to situate information and communications technology (ICT) ‘‘transparencyreports’’within the theoreticalframeworkofcorporatesocialresponsibility(CSR)reporting.The self-denominated transparency report serves a dual purpose of highlighting an ICT company’s socially responsible behavior while also holding government agencies accountable for surveillance and requests for userdata.Drawingonlegitimacytheory,neo-institutionaltheoryandstakeholdertheory,thisexploratorystudy examineshowICTcompaniesareimplementingindustry-specificvoluntarydisclosuresasaformofCSR. Design/methodology/approach – A content analysis of ICT voluntary nonfinancial reporting ( N = 88) was used to identify motivating principles, the company positioning to stakeholders, the relevant publics and intended audience of these disclosures and the communication strategy used to engage primary stakeholders. Findings – Key findings suggest that most ICT companies used transparency reporting to engage consumers/users as their primary stakeholders and most used a stakeholder information strategy. A majority of ICT companies signaled value-driven motives in their transparency reports while also positioning thecompanytostakeholdersasa protectorofuserdata andadvocate for consumer rights. Originality/value – This study enriches the literature on CSR communication strategies and reporting practices by extending it to an underdeveloped topic of study: novel voluntary disclosures as CSR activities of prominent ICT companies (i.e. ‘‘Big Tech’’). These polyphonic reports reflect varied motives, varied positioning and varied stakeholders. For market-leading companies, transparency reporting can serve to legitimize existing market power. And for midsize and emerging companies, transparency reporting canbeused tosignal adherence toindustrynorms – setbymarket-leadingcompanies.


Introduction
While corporate social responsibility (CSR) disclosures have received sustained scholarly attention (Fatima and Elbanna, 2023), the scholarly literature has largely failed to analyze the self-denominated "transparency reports" as a form of CSR reporting.Information and communications technology (ICT) transparency reports are voluntary disclosures to organizational stakeholders about user privacy protection efforts; government surveillance endeavors; and company content moderation activities (Urman and Makhortykh, 2023;Lee, 2021).
CSR is not a monolith (de Villiers and Alexander, 2014); CSR reporting is multidimensional and reflects industry-specific expectations (Fatma et al., 2014;Decker, 2004).Our study investigates the state of the art of this specific form of nonfinancial reporting among ICT companies.
Amanda Reid, Evan Ringel and Shanetta M. Pendleton are all based at the Hussman School of Journalism and Media, The University of North Carolina at Chapel Hill, Chapel Hill, North Carolina, USA.
Notwithstanding that ICT companies are not legally required to make such voluntary disclosures under US law, transparency reporting is perceived as "now largely standard across the industry" (Douek, 2022, p. 554).This industry convergence may demonstrate "that platforms acknowledge they have some public-regarding obligations" (Douek, 2022, p. 554).Alternatively, this homogeneity may reflect isomorphic pressures (Matten and Moon, 2008;DiMaggio and Powell, 1983).Or, perhaps, widespread conformity may reflect a more complicated mixture of various internal and external forces.
Analysis of ICT transparency reports is fruitful for two key reasons: 1. First, the study of the CSR activities of prominent ICT companies (i.e., "Big Tech") is immature (Martin, 2023;Flyverbom et al., 2019).The new trend of voluntary disclosures among the world's most influential information and communication technology companies is worthy of study to the extent it signals emergent public-regarding obligations.
2. And second, understanding how CSR communication strategies are implemented, especially as it relates to major ICT companies, remains underexplored (Fatima and Elbanna, 2023;Elbanna et al., 2016).
A growing chorus of calls for government regulation and oversight manifests deteriorating confidence in Big Tech's self-regulation (MacCarthy, 2022;Tworek and Wanless, 2022).Yet, in the current legal climate, the private power of platforms remains largely unconstrained by current legal mechanisms.The rhetorical choice to denominate these disclosures as "transparency reports" offers ICT companies a patina of legitimacy.To the extent these disclosures remain unexamined, structural and systemic pathologies of platforms remain unchecked.
To fill a research gap in our understanding of Big Tech legitimacy-seeking efforts, the purpose of this exploratory study is threefold: 1. identify motivating principles that animate the publication of transparency reports; 2. identify the relevant public and intended audience for these reports; and 3. identify the communication strategies used to engage primary stakeholders.
To answer these questions, the researchers executed a content analysis of all ICT transparency reports issued with 2021 data.Worldwide, a total of 88 companies that issued a transparency report were identified and included in the analysis.This sample included not only Big Tech companies (e.g.Netflix, TikTok and Twitter) but it also included other technology-based platforms and service providers (e.g.Dropbox, Naver and WordPress).
The next part of our paper includes a review of the scholarly literature and theoretical framework.The research design and methodology are then explained.Following our descriptive results, we present our discussion.The paper concludes with theoretical implications and recommendations for future research.

Background and theoretical framework
Information and communications technology transparency reporting as a form of corporate social responsibility communication Consumer use of Big Tech is widespread and pervasive in the modern era; however, these companies are now under increasing scrutiny from policymakers and the public (Feiner, 2020;Cortellessa, 2022).There has been a "tech lash" (Weiss-Blatt, 2021;Foroohar, 2019) in the wake of Big Tech scandals (Birch and Bronson, 2022).We posit that this tech lash created a legitimacy crisis, which, in turn, spurred tech companies to embrace CSR reporting as a legitimacy-seeking strategy.
j SOCIAL RESPONSIBILITY JOURNAL j The "transparency report" serves a dual purpose of highlighting a company's socially responsible behavior while also holding government agencies accountable for surveillance and requests for user data (Figure 1).Big Tech companies like, Google, Apple, Facebook, Amazon and Microsoft (GAFAM), have been issuing transparency reports for close to a decade (Access Now, 2021).In 2010, Google was the first to publish a public-facing transparency report, and the disclosures centered around government requests for user data or account removals (Tworek, 2019;Parsons, 2017).Following Edward Snowden's 2013 revelations of pervasive government surveillance, the adoption of transparency reporting practices increased across the industry, with other prominent ICT companies, like Apple and Facebook, releasing similar disclosures of government information requests (Lyon, 2014;Gorwa and Ash, 2020).
Unlike other social reporting frameworks, like sustainability reports and other nonfinancial disclosures, ICT transparency reports are relatively new and lack formal standardization processes (Global Reporting Initiative, 2015;Turzo et al., 2022).Nongovernmental organizations, like the Global Network Initiative and Santa Clara Principles, have developed guiding principles reflecting multistakeholder initiatives (Urman and Makhortykh, 2023;Gorwa, 2019).However, these principles appear to exert a weak influence on ICT companies.One study found there were "vast discrepancies" in the data that companies included in their transparency reports, noting that none of the reports were fully compliant with the Santa Clara Principles (Urman and Makhortykh, 2023, p. 10).
Scholars have identified three primary principles that motivate CSR communications to explain why companies voluntarily disseminate nonfinancial disclosures (Maignan and Ralston, 2002;Swanson, 1995).The first motivating principle centers around promoting CSR as a core part of the company's values and identity: value driven.The second motive, derived from a utilitarian perspective on corporate communication, acknowledges CSR as an economic action: performance driven.The third animating principle positions CSR as a response to stakeholder demands: stakeholder driven.Applying these three motivating principles to ICT transparency reports, we posit that value-driven transparency occurs when voluntary disclosures are presented as part of the company's culture or as an expression of its core values.Second, performance-driven transparency occurs when these reports are presented as an instrument to improve the firm's competitive posture or financial performance.And finally, stakeholder-driven transparency manifests when transparency is presented as a response to pressure and scrutiny from one or more stakeholder groups (e.g.consumers, civil society and regulators).

Transparency reporting as legitimizing corporate social responsibility reporting
Legitimacy theory suggests that companies seek to carry out activities in accord with societal boundaries and norms (Lanis and Richardson, 2012;Deegan, 2002).Companies that fail to meet the expectations of politically and economically powerful stakeholders face threats to their legitimacy (Clarkson et al., 2011).At the same time, companies that meet the disclosure expectations of investors can reap financial rewards (Minutolo et al., 2019) and better corporate governance ratings (Chan et al., 2014).Thus, voluntary disclosures of prosocial activities that exceed bare legal requirements can be used to improve the public perception of company performance (Aggarwal and Singh, 2019;Carroll, 1991;Clarkson et al., 2008;Deegan, 2002).
The concentration of power among Big Tech companies is "a source of growing public concern" (Atal, 2020, p. 336).Voluntary transparency reports are essential in legitimizing the CSR efforts used by industry actors.To that end, companies can use one of the four legitimation strategies to communicate with stakeholders: 1. educate and inform; 2. seek to change perceptions to persuade; 3. deflect attention; and 4. change external expectations (Lindblom, 1994).
Yet from a critical perspective, Big Tech self-disclosures may be little more than a reputation management tool; such transparency efforts may do little to alter the residual structural power of Big Tech (Bietti, 2023).
Neo-institutional theory offers a complementary framework for understanding how companies respond to changing social and institutional expectations (Dagilien _ e and Nedzinskien _ e, 2018).Another risk to legitimacy is a company's failure to adopt widely accepted structures and procedures (DiMaggio and Powell, 1983).Neo-institutional theory suggests that companies are influenced by the broader institutional settings in which they operate and are pressured to conform with socially accepted institutional norms (Jahid et al., 2023;Doh and Guay, 2006;Carpenter and Feroz, 2001;Moll et al., 2006;Goodrick and Salancik, 1996).Isomorphic pressure for corporate conformity can be classified into three basic categories: 1. coercive isomorphism that stems from political influence and the problem of legitimacy; 2. mimetic isomorphism resulting from standard responses to uncertainty; and 3. normative isomorphism, associated with professionalization (DiMaggio and Powell, 1983, p. 150).
This resulting homogeneity can yield significant benefits for companies (Shabana et al., 2017;Heugens and Landers, 2009).To the extent that industry-wide adoption of voluntary CSR disclosure may be explained by isomorphic pressures (de Villiers and Alexander, 2014; Pedersen et al., 2013;Berrone and Gomez-Mejia, 2009;Amran and Siti-Nabiha, 2009;Campbell, 2007), we posit that similar institutional pressures may influence the mimicry of a new form of CSR disclosure: "transparency" reporting among ICT companies.
j SOCIAL RESPONSIBILITY JOURNAL j Stakeholder engagement through corporate social responsibility reporting Corporate voluntary disclosures are used to communicate and maintain relationships with various stakeholders.Freeman's Stakeholder Theory suggests that sensitivity to stakeholder desires is critical to maximizing financial performance (Freeman, 1984;Freeman et al., 2021;Phillips et al., 2003).Stakeholders are those who can affect, and can be affected by, a corporation's core functionswhich includes those with a vested interest in corporate actions (Hess, 2001).Sweeney and Coughlan (2008) identified five categories of relevant stakeholders for CSR reporting: customers, employees, society/community, shareholders and environment.Other scholars have also included government as a relevant stakeholder (Fatma et al., 2014).
Stakeholders are not a unitary concept.Rather, stakeholders can be classified under a bifurcated framework: "primary" and "secondary" (Clarkson, 1995;Metcalfe, 1998).Primary stakeholders: have a direct impact on and are influenced by company activities; and are directly related to (and key to) a corporation's continued success (Sweeney and Coughlan, 2008;Fatma et al., 2014).
On the other hand, secondary stakeholders are not directly engaged in transactions with a corporation and are not key to its survival.Secondary stakeholders can be affected by a company's actions, yet less directly or economically so.A core corporate directive is to balance the "conflicting demands" of these various stakeholders (Guix et al., 2018).
Scholars have identified various CSR stakeholder communication strategies to help balance stakeholders' interests (Grunig and Hunt, 1984).Morsing and Schultz (2006) suggest that corporations can use one of the three CSR communication strategies to engage with stakeholders.When using the first strategy, "stakeholder information," the corporation engages in one-way communication with the intention of informing stakeholders about "favorable corporate CSR decisions and actions" (Morsing and Schultz, 2006, p. 326).The second strategy, "stakeholder response," is conceptualized as a two-way asymmetrical communication model where companies position their CSR actions as a response to the desires of external stakeholders (Morsing and Schultz, 2006, p. 327).Here, the corporation's communication is not focused on an active, negotiated dialogue with stakeholders, but instead, it is premised on convincing stakeholders that the corporation is responding to their demands.Conversely, the third strategy, "stakeholder involvement," is a true corporate dialogue with stakeholders where both sides seek mutually agreeable outcomes (Morsing and Schultz, 2006, p. 328).By using a stakeholder involvement strategy, the company actively invites future dialogue with stakeholders and implies a willingness to change company actions.
While legitimacy theory, neo-institutional theory and stakeholder theory could be treated as mutually exclusive explanations for CSR reporting motivations, scholars have argued the theories are best conceptualized as "overlapping perspectives" that explain why corporations engage in CSR reporting (Gray et al., 1995).As a form of nonfinancial corporate disclosures produced in response to external pressures from stakeholders (Singh and Bankston, 2018), ICT transparency reports fit within these existing frameworks of CSR disclosures.As an industry-specific form of CSR disclosures, transparency reports serve to manage positive relationships with stakeholders by positioning the company as a socially responsible corporate citizen (Chan et al., 2014).

Research questions
Drawing on the theoretical perspectives discussed above, the goal of this exploratory study is to investigate the purpose and function of ICT transparency reports by asking the following: Which CSR motivating principles (e.g.performance-driven, value-driven or stakeholder-driven) are reflected in the transparency reports?
RQ2.How does the company position itself (e.g.protector/advocate or reluctant compliance/passive) in the transparency reports?
RQ3. Which stakeholders are engaged in the transparency reports?And which stakeholders are primary and secondary in the reports?
RQ4. Which communication strategy (i.e.stakeholder information strategy, stakeholder response strategy or stakeholder involvement strategy) was used to engage primary stakeholders?

Research design and methodology
To shed light on why ICT companies are issuing transparency reports and who these reports are intended to engage, we performed a content analysis of all reports issued in a single year.Content analysis (Milne and Adler, 1999) was deemed an appropriate method for this study due to its ability to quantitatively identify and analyze trends, themes and concepts emerging from the data.To answer our research questions, both deductive and inductive approaches were used to build upon preexisting analytical frameworks from CSR literature.The authors also used qualitative content analysis during the pilot testing phase to analyze data inductively and created new coding categories reflecting frequently emerging themes that were not adequately represented in the literature (Cho and Lee, 2014).

Sampling
A transparency report is defined as a company publication that catalogs: requests for user data (from either governments or third parties); content moderation practices and account restriction activities by the ICT company; or both (Access Now, 2021).
An example is Apple's "Transparency Report" in Figure 2. The authors identified the transparency reports containing 2021 data by conducting independent searches and by cross-referencing several publicly available resources (Access Now, 2021;Stoughton and Rosenzweig, 2022;Yahoo, 2022).This sampling method is consistent with the data collection methods used by other scholars who have examined ICT transparency reports (Urman and Makhortykh, 2023;Stoughton and Rosenzweig, 2022).Based on the inclusion criteria for this study, a corpus of 88 reports from ICT companies was identified for content analysis through a triangulation of sources and iterative searching (Appendix).

Measures and intercoder reliability
The content analysis protocol was developed collaboratively by the three authors.Coder training was conducted to test the reliability of the instrument and adjust it as needed.
During the pilot testing stage, three coders applied the protocol to 15 transparency reports from a year outside of the sample.Coders also collected qualitative data to be analyzed inductively.After assessing the percent agreement from the pilot test, the protocol was revised to address discrepancies and add new coding categories identified in the data.The next round of training was conducted to ensure issues of ambiguity had been resolved.
After training, coders received access to the full sample to begin coding the data.Due to the small number of content units, two coders were responsible for coding all of the content and all units (N = 88) were used to establish reliability.Reliability testing was conducted for each variable using the ReCal2 reliability calculator (Freelon, 2013).Krippendorff's values and percent agreements (in parenthesis) ranged from 0.76 (90%) to 1 (100%) for the j SOCIAL RESPONSIBILITY JOURNAL j following variables: motives = 0.91 (96%), positioning = 0.76 (90%), transparency in title = 1 (100%), stakeholders = 0.91 (97%) and communication strategy = 0.87 (94%).
Motives.Using a deductive approach, we built upon previous research to guide our assessment of reporting motives (Maignan and Ralston, 2002;Ellen et al., 2006;Basu and Palazzo, 2008).This previous research informed our coding of CSR motivating principles: Value-Driven, Performance-Driven and Stakeholder-Driven.Value-Driven motive reflected an internal impetus and emphasized the company's core values and culture.Performancedriven motive foregrounded an economic rationale and emphasized the company's economic mission to improve financial performance and/or competitive posture.Stakeholder-Driven motive suggested a responsiveness to external scrutiny and pressure from stakeholders.If a company's report did not reflect one of the three preidentified motives, it was coded as a Undefined motive.In addition to selecting a motive, coders were also asked to copy and paste relevant language from the report that corroborated the category selected.Illustrative examples of this relevant language reflecting CSR motivating principles are included in Table 2.
Positioning.Applying an inductive approach, positioning emerged during the pilot testing phase of this study.The authors of this project drew together complementary research backgrounds that facilitated the qualitative analysis during the pilot phase.Two authors are interdisciplinary legal scholars focusing on technology and society; one author brings expertise in CSR.After multiple reviews and discussions of the themes emerging from the content, the authors collaboratively conceptualized three approaches ICT companies used to position themselves to stakeholders as stewards (or not) of user data.First was a Protector/Advocate position, where the company positioned itself as a staunch advocate for consumer rights and protector of user data.To select this code, the Protector/Advocate position must have been clearly articulated; vague or weak language was not sufficient.A second position was Reluctant Compliance/Passive, where a company positioned itself as a passive conduit or as merely complying with government pressure to release user j SOCIAL RESPONSIBILITY JOURNAL j information.Finally, No Position existed where the report consisted primarily of data without explanation.For this final code, the report presented mainly numerical information without a narrative to contextualize or explain why the report was issued.These inductively derived codes were incorporated into the quantitative content analysis.This analysis serves to supplement the scholarly understanding of positioning in CSR communications (Xu and Woo, 2023;McPhee and Zaug, 2008).Illustrative examples of relevant language reflecting company positioning are included in Table 3.
Transparency in title.The titles of CSR reports have been examined to assess how firms communicate their social roles (Lee, 2021).In our project, transparency in the title was coded as a binary variable indicating the presence or absence (yes/no) of the word "transparency" (or any truncated variation of the word) in either: the topline title of the Web page housing the report; or the title of the report itself.
This variable was included for analysis because titling is indicative of how the company embraces the concept of transparency, how the company frames this novel form of CSR disclosures and how the company communicates its social role.Thus, inquiring about the term "transparency" in the title is derivative of how the company positions itself and its report.And in other CSR reporting, researchers have noted homogeneity in the report "format" (Othman et al., 2011;Tschopp and Nastanski, 2014).By extension, a convergence in the report naming convention may reflect isomorphic pressure to conform.
Stakeholders.The stakeholder variable was assessed at two levels.First, coders were instructed to indicate which stakeholders were engaged in the transparency reports using the following categories: customers/users, employees, society, shareholders/investors, government and/or none (Fatma et al., 2014).Next, coders were asked to indicate if the identified stakeholders were engaged as primary or secondary stakeholders in the report (Sweeney and Coughlan, 2008).In our content analysis, stakeholders who were the main focus of the narrative portions of the report were coded as primary.On the other hand, secondary stakeholders were often only mentioned in passing references.
Communication strategy.Stakeholder engagement is conceptualized as "practices the organisation undertakes to involve stakeholders in a positive manner in organisational activities" (Greenwood, 2007, p. 315).Three stakeholder communication strategies were drawn from CSR literature: 1. stakeholder information; 2. stakeholder response; and 3. stakeholder involvement (Morsing and Schultz, 2006).
Stakeholder Information was a one-way communication to inform about favorable decisions and actions.Stakeholder Response was a two-way asymmetric communication to demonstrate how the company integrates concerns.Stakeholder Involvement invited a dialogue with primary stakeholders and implied an interest in sparking a wider dialogue (e.g."We want to stimulate a public discussion about why and when companies are required to disclose data to government agencies" (Uber)).In addition to selecting one of these three engagement strategies, coders were asked to copy and paste relevant texts from the reports to substantiate the selection.Illustrative examples of relevant language reflecting the company's communication strategy are included in Table 4.

Results
Across the globe, 88 ICT companies released a transparency report containing data from the 2021 calendar year [1].While 58 (65.9%) of the companies were headquartered in the j SOCIAL RESPONSIBILITY JOURNAL j USA, a total of 22 countries had at least one company that issued a 2021 transparency report (Table 1).Fifteen companies (17.0%) were headquartered in Europe, while nine (10.2%) were headquartered in Asia or Oceania.Aside from the USA, Canada was the only other country with more than two companies that issued a 2021 transparency report (n = 4).Six countries had two companies that issued a transparency report: France, Germany, India, New Zealand, South Korea and Switzerland.

RQ1 and RQ2: corporate social responsibility motivating principles and company positioning
To answer RQ1, the researchers evaluated each company's report to determine the motivating principle for issuing a transparency report (Maignan and Ralston, 2002;Swanson, 1995).Most ICT companies (n = 65; 73.9%) signaled a Value-Driven motive for transparency reporting.In these reports, the companies signaled that the motive was an internally-driven expression of the company's core values and culture.This motivating principle was often reflected in language about the company's "commitment" to transparency (e.g.IBM, Orange, Slack and Telef onica).For value-driven companies, this "commitment" often motivated transparency reporting: "Citrix values the trust of its customers and is committed to transparency.In furtherance of this commitment, Citrix publishes this bi-annual report about the number and type of requests it receives from law enforcement agencies for the disclosure of customer data" (Citrix).In some reports, this Source: Authors' work j SOCIAL RESPONSIBILITY JOURNAL j motive was reflected in explicit statements about the importance of transparency reporting: "Last year, we published our first ever Transparency Report, to give more insight into the inner workings of Trustpilot-a result of our continued ambition to earn the trust of both consumers and businesses globally, as the platform that ignites trust between the two" (Trustpilot).Thus, transparency was presented as "critical to building trust" (Zoom) or "more important than ever" (Twitter) (Table 2).
While a majority of companies reflected a Value-Driven motive for transparency reporting, it was not universal.Some companies (n = 9; 10.2%) signaled a Stakeholder-Driven motive such that their transparency report was presented as a responsive communication motivated by pressure and scrutiny from stakeholders, like users: "Our customers expect us to safeguard their data as if it were our own, and they expect us to communicate openly if we might be compelled to share their data with a third party" (Digital Ocean).Reports with a Stakeholder-driven motive often referred explicitly to the report as a key mechanism to meet the expectations of customers.For example, Amazon's report stated, "Amazon knows customers care deeply about privacy and data security, and we optimize our work to get these issues right for customers" (Amazon).
A minority of companies (n = 6; 6.8%) signaled a Performance-Driven motive by foregrounding the economic benefits of transparency and by largely focusing on the marketplace rather than their customers.In reports that reflected a Performance-Driven motive, transparency was presented as vital to the company's "position as a digital privacy leader" (Virtru) or the creation of "long-term business value" (Millicom).
During the coding process, a fourth category for motive emerged: Undefined motive.Eight companies (9.1%) did not indicate a specific motive for the publication of their transparency report.Instead, these companies generally presented the transparency report in a neutral, just-the-numbers fashion.Reports with no discernible motive would note that the company received government requests for information, yet these reports lacked any subsequent explanation of the report's purpose or value: "This page includes the information about how Yandex handles requests from government agencies and the number of requests it receives" (Yandex).These reports tended to be shorter documents with more numbers than narrative (e.g.LINE, SpiderOak and VMWare).These findings suggest an opacity of reporting purpose for some companies; it is notable that the extant CSR motives do not fully reflect what is happening in ICT transparency reporting.It is unclear to what extent cultural norms may be at work here, as CSR reporting can vary across national and cultural contexts (Lu and Wang, 2021).An alternative (or perhaps complementary) hypothesis is whether coercive isomorphism may explain this Undefined motive.
In answering RQ2, the researchers coupled the assessment of reporting motive with a measure of how the companies positioned themselves in their voluntary disclosures.The company's position and rationale for issuing a transparency report were assessed primarily from an examination of the report's introduction.The introduction is the first material a reader sees when accessing the report, and the introduction thereby serves a priming function for how transparency reporting should be perceived (Table 3).
Sixty-six companies (75%) were positioned as an Advocate for their users and Protector of consumer data: "We have taken aggressive measures to protect our users' information and data from unwanted third parties, and you deserve to know what we are doing with your data" (Virtru).Company reports in this category contained staunchly pro-consumer language: "Our mod and admin teams have worked tirelessly to prioritize user safety and security in furtherance of our mission to bring community, belonging, and empowerment to everyone in the world" (Reddit).This position required more than simply acknowledging transparency efforts: "Wickr is committed to meeting and exceeding industry standards for transparency reporting" (Wickr).Companies using the Protector/Advocate positioning would often: j SOCIAL RESPONSIBILITY JOURNAL j reference integrating privacy and security at multiple stages of the design process (MEGA, Pinterest and Yubo); reference the "right" of consumers to information privacy (BetterCloud, Telef onica and Xiaomi); or initiate calls for reform in government information-seeking practices (CREDO).
In contrast with the Protector/Advocate role, 20 companies (22.7%) used a Reluctant Compliance/Passive positioning with government requests for user information.Company reports in this category did not adopt a staunchly pro-consumer position: "It is not Cloudflare's intent to make law enforcement's job any harder or easier" (Cloudflare).Instead, companies in this category would often position the transparency report as a way to: communicate the company's response to valid legal demands from government actors (e.g., "Adobe, like all hosted service providers, is obligated to disclose user data when we receive valid legal process from a government agency" (Adobe)); or outline the process the company uses to respond to those government demands while underscoring the company's legal obligation (e.g.ProtonMail and Ring).
Much like companies who were "committed to responding to law enforcement requests" (TikTok), there were companies that passively presented the data within the report for the purpose of merely "providing insight" into government requests for information (TekSavvy).When the foundation does receive a request, we thoroughly evaluate it, and we push back against those requests that could harm users' human rights or affect their ability to determine what content should be on the projects.And when we must respond to the small number of valid takedown notices we receive, we tell you.(Wikimedia) CREDO has a long history of defending civil liberties and fighting against abuses of power that threaten Americans' constitutional rights to privacy.We are working for full repeal of the USA PATRIOT Act and FISA Amendments Act.Until such time as full repeal can be achieved, as well as afterward, we strongly believe there should be as much transparency as possible regarding government surveillance, and that our customers have the right to know when governmental entities request access to their information or communications.(CREDO Mobile)

Reluctant
Compliance/ Passive n = 20; 22.7% The company positions itself as a passive conduit or positions itself as the recipient of government pressure to release user information Kakao responds to the government's requests based on the necessity for warrants and shares the relevant situation with users in a transparent manner to securely manage personal information and faithfully fulfill the obligations of realizing the public interest as a member of the society.(Kakao) We include all the information we are legally permitted to disclose, to the extent we maintain such information.(T-Mobile) Telia company and its local subsidiarieslike all telecommunications companiesare obliged by laws in the countries within which we operate to assist authorities for purposes such as enforcing criminal law.We are only to disclose customer information in accordance with the law.(Telia) Telecommunications companies are required by law to assist security authorities with surveillance measures or by handing over data for law enforcement.It is very important to us that we make our activities as transparent as possible within the framework of these legal obligations.(Deutsche Telekom) No Position n = 2; 2.3% Company takes a nonposition approach to presenting data; data is presented with little context or narrative explanation VMWare publishes annual reports to show number of law enforcement requests received from around the world.(VMWare) The LINE Transparency Report is a regular report on how LINE handles data for its various services, and sheds light on LINE's approach toward running the platform.(LINE) Source: Authors' work While most of the 88 companies were positioned as Protector/Advocate for users or Reluctant Compliance/Passive, two companies (2.3%) reflected No Position within their 2021 transparency report (LINE and VMWare).Instead, these companies presented data without explanation or positioning.And these reports offered little or no context about company compliance processes.
As an additional measure of a company's positioning, the authors evaluated whether the title of the report (or the Web page housing the report) contained the word "transparency." The vast majority of companies (n = 78; 88.6%) included "transparency" in the title, suggesting this practice is the industry standard.However, ten companies (11.4%) chose not to include transparency in the title of their report.Companies that opted not to use transparency in the report title can be broken into two categories.Three companies (3.4%)only included information about government requests for user data as part of a larger environmental, social and governance (ESG) report, meaning that transparency was only a small focus of the larger report.On the other hand, seven companies (8%) released a standalone disclosure of information requests without using the word "transparency" (e.g."Law Enforcement Disclosure (LED) Report" (Millicom), "Telenor Annual Authority Request Disclosure Report" (Telenor) and "Information Requests Report" (TikTok)).
A chi-square test of independence indicated that differences in positioning can be explained by the motive the company reflects in their report [X 2 (6, N = 88) = 42.793,p < 0.001].Post hoc z tests comparing the categories with the Bonferroni method of adjusted p values suggested that companies positioning themselves as Protector/Advocate were significantly more likely to reflect a Value-Driven motive within their report and significantly less likely to reflect an Undefined motive within the report.
We posit that conformity to the Value-Driven motive and Protector/Advocate positioning in transparency reporting practices may reflect isomorphic behavior among legitimacyseeking ICT companies (DiMaggio and Powell, 1983).From a diffusion of innovation perspective, market-leading ICTs, like Google, Twitter and Facebook, likely served as innovators in the transparency reporting process.As such, other ICT companies may have perceived that those reporting practices were establishing emerging institutional norms.Thus, isomorphic pressure may have prompted imitation to capitalize on both symbolic and substantive advantages (Heugens and Landers, 2009).For market-leading companies, transparency reporting can serve to legitimize existing market power.And for midsize and emerging companies, transparency reporting can be used to signal adherence to industry normsset by market-leading companies.

RQ3 and RQ4: corporate social responsibility stakeholder engagement in transparency reporting
To answer RQ3, the researchers coded each report for the presence or absence of five groups of stakeholders: Customers; Employees; Society; Shareholders; and Government (Fatma et al., 2014;Sweeney and Coughlan, 2008).Stakeholder groups were engaged when expressly discussed or mentioned.After identifying which stakeholders were engaged in the report, the researchers then evaluated whether those stakeholders were presented as primary or secondary.
Customers were the only stakeholder referenced in all of the transparency reports, and 87 of 88 companies (98.9%) presented Customers as primary stakeholders.Reports variously described these stakeholders as "users," "members" and "customers."The other commonly engaged stakeholder in the reports was Government, which was referenced by 85 companies (96.6%).The reports variously described Government as "law enforcement," "authorities" or "agencies."Unlike Customers, Government entities were more frequently engaged as secondary stakeholders (n = 64; 72.7%) rather than as primary stakeholders (n = 21; 23.9%).
j SOCIAL RESPONSIBILITY JOURNAL j The other groups of stakeholders less commonly engaged within the transparency reports were Employees, Shareholders and Society.Twenty-five companies (28.4%) engaged the larger noncustomer Society as a stakeholder.Companies engaging Society as a primary stakeholder (n = 9; 10.2%) often referenced a larger public dialogue about the role of transparency and privacy; while companies engaging Society as a secondary stakeholder (n = 16; 18.2%) made normative appeals about the value of community and the company's role in influencing the larger world.An example of Society as a secondary stakeholder is Pinterest' report: "We have industry-leading positions on content safety that are informed by inputs and advice from outside experts, civil society and government" (Pinterest).Here, the Pinterest report mentions working with community members, and Society is a secondary stakeholder because the report is not directed to these stakeholders.
Nineteen companies (21.6%) engaged Employees as stakeholders and often described them as "our team" or "staff."Eighteen of those companies (20.5%) presented Employees as secondary stakeholders.Eight companies (9.1%) engaged Shareholders as stakeholders, often referring to them as "investors."Of the companies that engaged Shareholders, three companies (3.4%) engaged Shareholders as a primary stakeholder and embedded the transparency report information within a larger ESG report.The balance of companies that engaged Shareholders (n = 5; 5.7%) engaged them as secondary stakeholders.
A chi-square test of independence indicated that differences in whether Employees [X 2 (3, N = 88) = 10.965,p < 0.05] and Government [X 2 (3, N = 88) = 12.593, p < 0.01] were engaged within transparency reports could be explained by the motive reflected in the report.Post hoc z tests revealed that companies reflecting a Performance-Driven motive were significantly more likely to engage Employees as stakeholders and significantly less likely to engage Government as stakeholders.
To answer RQ4, the researchers evaluated each company report to determine which CSR communication strategy (Morsing and Schultz, 2006) the company adopted to engage primary stakeholders.Most companies (n = 61; 69.3%) used the Stakeholder Information strategy.Companies in this category emphasized the informative role of transparency reports and presented the report as a way to provide details about government requests or content moderation decisions.Nineteen companies (21.6%) used the Stakeholder Information strategy.Companies in this category invited an open dialogue with customers, governments and civil society organizations, and frequently called for a larger debate about privacy and security.The remaining eight companies (9.1%) adopted the Stakeholder Response strategy.Companies in this category presented their transparency reports as a direct response to the demands and expectations of stakeholders.Many of these companies also presented themselves as willing to alter their transparency practices in response to those discussions.
A chi-square test of independence indicated that differences in communication strategy could be explained by the motive reflected in the report [X 2 (6, N = 88) = 18.778, p < 0.01].Differences in communication strategy were also significantly associated with engagement with Society as a stakeholder within the report [X 2 (2, N = 88) = 16.989,p < 0.001] and engagement with Society as a primary or secondary stakeholder within the report [X 2 (2, N = 88) = 17.724, p < 0.01] (Table 4).

Discussion and conclusion
We identify a worldwide diffusion of a novel type of nonfinancial disclosures among ICT companies.Our content analysis reveals that "transparency reports" published by ICT companies are akin to other forms of CSR disclosures.Much like the worldwide diffusion of CSR reporting (Pedersen et al., 2013), our findings highlight an emerging, worldwide diffusion of ICT transparency reportingacross 22 countries.Like other CSR disclosures, j SOCIAL RESPONSIBILITY JOURNAL j transparency reports reflect not only CSR-style motivating principles but also positioning to stakeholders.And these reports engaged diverse stakeholders by using various CSR communication strategies.
Our exploratory analysis suggests the emergence of two general styles of ICT transparency reporters: proactive and reactive.The proactive style is the more widely adopted approach among transparency reporters.We found most companies adopting a proactive style reflected Value-Driven motives in their transparency reports.The dominance of this approach comports with research suggesting consumers respond most positively to valuedriven CSR efforts (Ellen et al., 2006;P erez et al., 2019).The proactive group of companies also explicitly denominated the report as a "transparency" report and positioned the report within a Protector/Advocate role for consumers.Google, Twitter and Facebook are notable ICT companies that adopted this proactive approach.
The second, less common, style of ICT transparency reporters is reactive.For those companies adopting a reactive style, Performance-or Stakeholder-Driven motives were more common in their transparency reports.These companies were less likely to use the term "transparency" in the title of their report.And these companies more often engaged noncustomer or nongovernment stakeholders within their reports.The difference between We provide our members with regular transparency updates on the actions we take to protect members, how we handle questions about member data, and how we respond to content removal requests.(LinkedIn) This report reflects our commitment to transparency to our customers.We hope that this report is able to provide clarity to our customers into the types of government requests we receive on a yearly basis.(RingCentral) Telecommunications companies are required by law to assist security authorities with surveillance measures or by handing over data for law enforcement.It is very important to us that we make our activities as transparent as possible within the framework of these legal obligations.DigitalOcean takes seriously the trust our users place in us.Our customers expect us to safeguard their data as if it were our own, and they expect us to communicate openly if we might be compelled to share their data with a third party.(DigitalOcean) The public and policy makers want to be better informed about our actions and we recognize these calls for greater transparency.(Twitter) The trust of our users is ISRG's most critical asset.Transparency regarding legal requests is an important part of making sure our users can trust us, and to that end we will be publishing reports twice annually.(Let's Encrypt) At Microsoft, we're optimistic about the benefits of technology, yet clear about the challenges.To drive positive impact with technology, people need to be able to trust the technologies they use and the companies behind them.(Microsoft) Source: Authors' work proactive and reactive styles is particularly revealing as the chi-square analysis indicates that the report's motivating principle is significantly associated with other characteristics of the report, like the company's positioning and the CSR communication strategy used.
Our results also suggest that ICT transparency reports are a mechanism by which companies seek to maintain legitimacy, and such legitimacy-seeking approaches correspond with the four strategies identified by Lindblom (1994).Companies releasing transparency reports educate and inform stakeholders by using the stakeholder information strategy to present data within a transparency report through one-way communication to stakeholders about government data requests and company content moderation activities.
Companies reflecting a Value-Driven motive for transparency reporting change perceptions to persuade stakeholders by presenting transparency as a moral obligation.The two dominant positionings identified in our content analysis (Protector/Advocate and Reluctant Compliance/Passive) serve as legitimacy-seeking techniquesyet they operate in very different ways.Much like companies that seek to change perceptions through a Value-Driven motive, companies adopting a Protector/Advocate position change external expectations by projecting a desire to foreground customer interests in data privacy and security.However, companies adopting a Reluctant Compliance/Passive position deflect attention by suggesting that they have little choice but to comply with government demands for user information.Rather than setting the expectation that the company will affirmatively and proactively protect customers, the company presents government entities as a dominant forcewith which cooperation is required.

Theoretical contributions and implications
Drawing on CSR theoretical frameworks and literature, we argue that ICT "transparency reports" are best conceptualized as a new form of CSR reporting.Transparency reports can communicate company responses to government requests for user data as well as company content moderation practices.Through these CSR-type disclosures, ICT companies seek to communicate legitimizing corporate actions (Lanis and Richardson, 2013;Deegan, 2002).
This study draws on multiple theoretical perspectives: legitimacy theory, neo-institutional theory and stakeholder theory.Rather than being distinct theoretical approaches, these are complementary forces that interrelate in CSR practices (Fernando and Lawrence, 2014).Legitimacy and stakeholder theories may offer insights on why ICT companies have adopted voluntary transparency reporting.Conformity with industry-wide practices can dilute public criticism and deflect attention away from any one company within the field (Douek, 2020).And neo-institutional theory may offer the isomorphic pressures that explain why such voluntary transparency reporting practices have been adopted by 88 companies across the globe.Operating within social frameworks, companies are influenced by a constellation of homogenizing forces: regulatory (coercive), cultural (mimetic) and professionalization (normative).The sum of these forces catalyzes industry-wide practices: "Companies could resist adopting CSR reporting if they are subjected to a single form of pressure" (Jahid et al., 2023, p. 16).Thus, a complex admixture of forces can animate ICT transparency reporting.
Our results indicate transparency reports are polyphonic in nature (Schoeneborn and Trittin, 2013).These reports reflect varied motives, varied positioning and varied stakeholder engagement strategies.By focusing on these CSR strategies, we reaffirm that CSR practices are constructed through dialogic processes with various stakeholders (Schoeneborn and Trittin, 2013;Schultz et al., 2013).In other words, we underscore that corporate legitimacy, accountability and responsibility are co-constructed through nuanced processes of meaning-making between companies and their stakeholders.Our conclusions have practical implications for ICT companies: communication of socially responsible behavior should be an integrated endeavor, rather than a siloed project (i.e.siloed in the j SOCIAL RESPONSIBILITY JOURNAL j Trust and Safety team).Moreover, in line with the Habermasian "ideal speech solution," participatory stakeholder engagement strategies can serve to bolster ICT company legitimacy (Palazzo and Scherer, 2006;Scherer and Palazzo, 2007).
The legitimacy of corporate activities flows largely from consent garnered through engagement with stakeholders (Deegan, 2002;Scherer and Palazzo, 2007).From an ethical perspective, to legitimately engage with stakeholders and to meaningfully receive their consent, corporations must grapple with the relative power positions of stakeholders (Greenwood and Van Buren, 2010).But CSR should not simply be a mechanism by which corporate power in society is further entrenched and unquestioned (Dawkins, 2015).Foucault (1982) conceived of power relations as more than simply controlling resources; power relations are also practices that support particular alignments of activities and interests.And power asymmetries can give rise to manipulation and opportunism (Axelrod, 1981).Thus, if CSR disclosures remain unexamined, the disclosures can serve simply legitimize corporate power and obscure power asymmetries.Our exploratory study begins to fill this gap by examining key aspects of Big Tech transparency reportswhy (motives), who (stakeholders) and how (communication strategies).
This is important work because unexamined CSR reporting risks fueling the core problem that CSR was intended to address, namely, the pursuit of corporate economic goals at the expense of social responsibility (Bondy et al., 2012).A more critical perspective on CSR considers the implications of powerful companies taking on activities traditionally associated with governments (Bondy et al., 2012).If these nonfinancial disclosures are simply taken at face value, they risk reinforcing extant power dynamics rather than offering an opportunity for dialogue among stakeholderswhich could lead to meaningful change.
In other words, voluntary, unaudited reports are a poor mechanism to address structural and systemic platform pathologies.
By relying on purely voluntary disclosures, the authors note that the private power of Big Tech is left unchecked.Companies can unilaterally decide to cease making these disclosures, like when Twitter did not release a 2022 transparency report after Elon Musk bought the company (Rawnsley, 2023;Masnick, 2023b).But even when companies do issue reports, we risk allowing Big Tech to launder its legitimacy through voluntary disclosures.These disclosures risk obscuring problems of power by implying that the lack of transparency was the problemwhich is thus remedied by voluntary self-disclosures.
While denominated as a transparency report, these disclosures, in practice, offer limited transparency.Initially, these reports revealed government requests for user information.For some companies, these reports evolved to also include company content moderation practices.However, these reports do not include disclosures about other problematic Big Tech activities, like advertising and data collection practices, behavioral profiling and algorithmic targeting.Therefore, these reports offer only fractional transparency.And by focusing on disclosures, it draws focus away from other valuable, yet nondisclosed, information.Simply focusing on what is disclosed obscures what is not disclosed.And an incomplete picture risks undermining meaningful accountability.If there is merely a rhetorical commitment to transparency, without meaningful accountability, we have little more than performative transparency theatre.

Limitations and future research
No study is without limitations, and our research is no different.The authors are reasonably confident that the corpus of 88 ICT transparency reports reflects all reports with 2021 data.The corpus was developed through independent searches and by cross-reference to multiple sources; however, it is possible that these search efforts may not have discovered all reports.The authors acknowledge an English-language bias.Despite the authors' due diligence, transparency reports published exclusively in a foreign language may have been j SOCIAL RESPONSIBILITY JOURNAL j missed.There were, however, several instances of companies publishing reports in both a foreign language and an accompanying English-language translation (which the authors analyzed).The not infrequent availability of an accompanying English-language translation may signal a low likelihood of a missed report.The comprehensiveness of our corpus may also have been affected by a publication lag.Thus, it is possible that a 2021 report had not yet been released when our data was collected in November 2022.The authors note that any transparency reports not found through repeated and diligent searching is poorly "transparent." Another possible limitation is due to the broader social environment in which these reports were produced.In the midst of a global pandemic, the 2021 ICT transparency reports may not be fully indicative of company values and motives over a larger period of time.Our study examined the discursive elements of the transparency reports themselves; however, other sources (e.g. company blog posts or press releases) could convey or supplement the motive and positioning of transparency reporting.As such, a content analysis focused solely on the report itself may miss additional context from a company.
Further research may illuminate how companies project motivating principles and positioning in auxiliary materials that complement the report itself.And as CSR communication strategies can vary across cultural and national contexts (Lu and Wang, 2021), fruitful research might interrogate to what extent cross-cultural norms and expectations influence the observed variation among companies.Another line of inquiry could examine how these nonfinancial communications contribute to sensemaking and sensegiving between companies and their stakeholders (Morsing and Schultz, 2006;Basu and Palazzo, 2008).
This study contributes to the emerging interest in ICT transparency reporting.And there is more research to be done.Transparency reporting practices have evolved over the past decade and have been voluntarily adopted by a diverse group of ICT companies across the globe (e.g.Atlassian, Comcast, Etsy, LinkedIn, Pornhub, Slack, Wikimedia and Zoom).This study has been exploratory, with the aim to identify patterns and to reveal how ICT transparency reporting is used to maintain corporate legitimacy, power and position.
With increased attention from policymakers and the public, the legal landscape on Big Tech disclosures is primed to change (Keller, 2023;Nos ak, 2021).These changes can come from US regulators (Texas HB 20, 2021;Florida SB 7072, 2021), EU regulators (Digital Services Act [DSA]) and other governments, like India, China and Australia (Masnick, 2023b).And as policymakers enact new regulations, transparency reports can offer valuable insights to researchers interested in evaluating the effects of new policies on ICT companies (Masnick, 2023a).Thus, as the legal landscape continues to evolve for Big Tech companies, these transparency reports will continue to be of interest to ICT companies, stakeholders and researchers.

Table 2
Exemplars of motivating principles j SOCIAL RESPONSIBILITY JOURNAL j

Table 3
Exemplars of company positioning

Table 4
Exemplars of CSR communication strategies With our transparency report, we would like to contribute to making existing grievances and legal realities public and allowing them to be debated.(Posteo) We want to stimulate a public discussion about why and when companies are required to disclose data to government agencies.(Uber) We make this data available to the public to help enhance the transparency of government surveillance programs and to promote an open dialogue about the important privacy, law enforcement and national security issues raised by those programs.(Comcast) We hope this report is useful to our users and adds to the important public debate about the proper role of government in monitoring and policing activity on the modern internet.(WordPress)