Center for Digital Democracy v. Federal Trade Commission

189 F. Supp. 3d 151, 2016 U.S. Dist. LEXIS 71099, 2016 WL 3093369

• Court: District Court, District of Columbia
• Decided: June 1, 2016
• Docket: Civil Action No. 2014-2084
• Status: Published

Opinion

MEMORANDUM OPINION

Amit P. Mehta, United States District • Judge

I. INTRODUCTION

Under the Children’s Online Privacy Protection Act of 1998, Congress tasked the Federal Trade Commission (“FTC”) with issuing and enforcing regulations designed to protect the online privacy and safety of children. To carry out its statutory mandate, the FTC issued what is known as the Children’s Online Privacy Protection Rule, or the “COPPA Rule.” The COPPA Rule imposes upon both online services and individual websites directed at children requirements concerning the collection, use, and disclosure of personal information regarding children under the age of 13. Although the FTC crafted thé COPPA Rule, under the. Privacy Protection Act’s regulatory scheme, the Rule itself is primarily enforced not by the FTC but by private entities known as “safe harbor programs.” These safe harbor programs, which the FTC must review and approve, design their own rules — which must be at least as robust as the COPPA Rule — and then work to ensure that the program’s subscribers (online services and websites directed at children, who pay the program a fee) comply with those rules.

In 2014, the FTC began requiring safe harbor programs to submit annual reports to the agency. The reports, generally speaking, are required to contain information concerning each safe harbor program’s monitoring and enforcement of their members. However, due to a lack of clarity in the FTC’s rules regarding what the reports must include, the 2014 reports varied dramatically in terms of the information and data provided.

Plaintiff Center for Digital Democracy brought this suit against the FTC under the Freedom of Information Act (“FOIA”) to obtain access to the first round of annual reports. The FTC disclosed the annual reports to Plaintiff, but in redacted form. According to the FTC, the redactions were necessary to protect the programs’ trade secrets or non-public commercial or financial information. The dispute in this case centers on whether the FTC redacted the reports consistent with FOIA.

Before the court is Defendant’s Motion for Summary Judgment and Plaintiffs Cross-Motion for Summary Judgment. Upon consideration of the parties’ submissions and the record, the court grants Defendant FTC’s Motion for Summary Judgment and denies Plaintiffs Cross-Motion for Summary Judgment.

II. BACKGROUND

A. Factual Background

1. COPPA and FTC Enforcement

In 1998, Congress enacted the Children’s Online Privacy Protection Act (“COPPA”), 15 U.S.C. §§ 6501-6506, in order to protect children under 13 years of age who use the Internet. The statute imposed certain requirements on operators of websites and online services directed at young children, and instructed the FTC to issue and enforce regulations implementing the statute. 15 U.S.C. § 6502(b); Def.’s Statement of Material Facts, ECF No. 6 [hereinafter Def.’s Facts], ¶ 1. To carry out Congress’ directive, the FTC issued the COPPA Rule, which applies to “any operator of a Web site or online service directed to children, or any operator that has actual knowledge that it is collecting or maintaining personal information from a child.” 16 C.F.R. § 312.3. The COPPA Rule requires, among other things, that such websites and online services provide specific notice about the personal information they collect from children, how they use it, and their practices for disclosing it; obtain parental consent before collecting, using, or disclosing personal information from children; and establish procedures to protect the confidentiality and security of personal information collected from children. 16 C.F.R. §§ 312.3, 312.4-312.8. The FTC may bring enforcement actions against persons or operators who fail to comply with the COPPA Rule. See 15 U.S.C. §§ 6502(c), 6505(a) & (d).

2. Safe Harbor Programs

Although Congress left it to the FTC to develop rules to implement COPPA, in a rather unique regulatory scheme, it largely left the enforcement of those rules to private industry. The COPPA statute provides that operators of websites and online services directed at young children can comply with the statute “by following a set of self-regulatory guidelines, issued by representatives of the marketing or online industries or by other persons.” 15 U.S.C. § 6503(a); see also 16 C.F.R. § 312.11(g). Issuers of these guidelines are known as “safe harbor programs.” 16 C.F.R. § 312.11.

Congress adopted this “self-regulation” model to “develop[ ] an industry consensus on the appropriate level of protection to accord children’s privacy on commercial Internet sites” and to “encourage development and implementation of meaningful, effective self-regulatory activities and to provide basis for their wide-spread adoption.” S. 2326, Children’s Online Privacy Protection Act of 1998: Hearing Before the S. Subcomm. on Communications of the S. Comm, On Commerce, Science, and Transportation, 105th Cong. 11 (1998) (statement of Robert Pitofsky, Chairman, FTC). By allowing enforcement through safe harbor programs instead of through direct federal agency oversight, “Congress intended to ... promot[e] efficiency and flexibility in complying with COPPA’s substantive provisions.” Children’s Online Privacy Protection Rule, Final Rule Amendments, 78 Fed. Reg. 3,995-3,996 (Jan, 17, 2013). The FTC similarly has explained that the safe harbor program was meant to serve as an “incentive for industry self-regulation; by allowing flexibility in the development of self-regulatory guidelines, it ensures that the protections afforded children under this Rule are implemented in a manner that takes into account industry-specific concerns and technological developments,” Children’s Online Privacy Protection Rule, 1999 Statement of Basis and Purpose, 64 Fed. Reg. 59,906 (Nov. 3, 1999).

Safe harbor programs must be approved by the FTC. The FTC will approve a safe harbor program only after a public notice and comment period and upon a finding that the safe harbor program’s self-regulatory guidelines “meet the requirements” of the COPPA Rule. 15 U.S.C. § 6503(b)(2). Specifically, a safe harbor program must: (1) “provide substantially the same or greater protections for children” as the COPPA Rule; (2) implement “[a]n effective, mandatory mechanism for the independent assessment” of operators’ compliance that includes “a comprehensive review” of each operators’ “information policies, practices, and representations”; and (3) impose “[disciplinary actions for subject operators’ non-compliance with self-regulatory program guidelines.” 16 C.F.R. § 312.11(b); Def.’s Facts, ECF No. 6, ¶ 2; Plaintiffs Statement of Material Facts Not in Dispute and Response to Defendant’s Statement of Facts Not in Dispute, ECF No. 10-7 [hereinafter Pl.’s Facts], ¶ 1. Once the FTC approves a safe harbor program, operators of websites and online services covered by COP-PA can subscribe to it. By complying with the program’s guidelines, the operator or website will be in compliance with the COPPA Rule. Def.’s Mot. for Summ. J., ECF No. 6 [hereinafter Defs Mot.], Ex. J, Decl. of Kandi Parsons, ECF No. 6-2 [hereinafter Parsons Decl.] ¶ 3.

Safe harbor programs operate in a competitive market. Id, ¶ 6. They receive fees from subscribers and compete against one another to increase their subscriber base. Id, Each program attempts to distinguish itself from its competitors in a number of ways, including: (1) the strength of its privacy protections; (2) the compliance guidance it provides; (3) the sophistication and reliability of its privacy oversight technology; (4) the effectiveness of its approved parental consent methods; (5) its ability to resolve compliance issues; and (6) the trust its generates among parents of children who use the member websites or online services. Id,; Def.’s Facts ¶ 4; Pl.’s Facts ¶4. Many of the safe harbor programs offer a seal or certificate that members can display on their website to show that they belong to the program and are in compliance with COPPA. Parsons Decl. ¶7. A seal also may signify compliance with rules and guarantees specific to a particular safe harbor program. Safe harbor programs use these distinctive features to attract business. Id. ¶ 8.

At the time this action was filed, the FTC had approved seven safe harbor programs. PL’s Mot. for Summ. J., ECF No. 10 [hereinafter PL’s Mot.], at 3; Parsons Decl. ¶ 5. They are: Aristotle, the Children’s Advertising Review Unit (“CARU”), the Entertainment Software Rating Board (“ESRB”), iKeepSafe, kidSafe Seal Program (“kidSAFE”), Privacy Vaults Online (“PRIVO”), and True Ultimate Standards Everywhere (“TRUSTe”). Parsons Decl. ¶ 5.

S. Annual Reports

In 2013, the FTC amended the COPPA Rule to require that safe harbor programs submit annual reports to the agency. Children’s Online Privacy Protection Rule, Final Rule Amendments, 78 Fed. Reg. 3,972, 3,995-3,996 (Jan. 17, 2013). The FTC adopted the annual report filing requirement to “better ensure that all safe harbor programs keep sufficient records and that the Commission is routinely apprised of key information about the safe harbors’ programs and membership oversight.” Id. at 4002. The FTC also viewed the annual reports as a useful means of “informing] the Commission of the emergence of new feasible parental consent mechanisms for operators.” Id.

An annual report, “at a minimum,” must contain: (1) “an aggregated summary of the results” of the program’s compliance assessments; (2) “a description of any disciplinary action taken” against a program’s customer; and (3) a description of the program’s approval of any new methods for online services to obtain verifiable parental consent, even if such method is not specified in the COPPA Rule. 16 C.F.R. § 312.11(d)(1); Parsons Decl. ¶ 12. The rule does not specify what information must be provided in the “aggregated summary” component of the report. Nor does it require the program to identify its members who were the subject of “any disciplinary action taken.”

In May 2014, Defendant sent a letter to the safe harbor programs, reminding them of their annual filing obligation. The letter also made additional disclosure requests, not mandated by the agency’s regulations. Specifically, the FTC asked for: (1) information about any consumer complaints alleging that a member had violated the program guidelines and the program’s responses to such complaints; (2) records from any disciplinary action taken against a member; (3) confirmation that the program made at least one privacy assessment of each its members within the last year; and (4) the number of members assessed. Def.’s Facts ¶ 6; Parsons Decl. ¶ 12; Defs Mot., Ex. J2, ECF No. 6-2.

The lack of guidance offered by the regulations and reminder letter about the annual report’s expected contents and format led to a predictable result: 'the first round of annual reports differed substantially from one another. Defi’s Mot., Deck of Dione Jackson Stearns, ECF No. 6-1 [hereinafter Stearns Deck], ¶25 (the reports “did not contain uniform reporting mechanisms” and “varied considerably in the types of data reported[.]”). For example, kidSAFE’s annual report contained detailed information about its policies and a summary of the results of all assessment efforts made by the program, see Def.’s Mot., Ex. G, ECF No. 6-1 at 63, 1 while CARU submitted a mere page and a half of information with very little detail, see id. at 58.

A Plaintiffs FOIA Request

On July 2, 2014, Plaintiff Center for Digital Democracy submitted a FOIA request to the FTC seeking “all annual reports submitted by safe harbor programs as required by” the COPPA Rule. Compl. ¶ 5; Defi’s Mot., Ex. A, ECF No. 6-1. The FTC’s FOIA Unit then located six annual reports — one from each approved safe harbor program 2 — along with two supplemental reports submitted by the safe harbor program TRUSTe. Def.’s Mot., Ex. I, Deck of Jonathan William Hill, ECF No. 6-2 [hereinafter Hill Deck], ¶ 9. The responsive documents. totaled eighty-eight pages. Defi’s Facts ¶9; Hill Deck ¶9. The FOIA Unit determined that the reports contained “varying amounts of confidential commercial information and voluntary disclosures exceeding the annual reporting requirements,” Def.’s Facts ¶ 10, and accordingly began the redaction process, id. ¶11.

As a part of the redaction process, the FTC informed all six programs in September 2014 that their annual reports were subject to FOIA disclosure, and requested that each program comment on a preliminary set of proposed redactions to its respective report. Stearns Decl. ¶¶8, 27; Def.’s Mot., Ex. D, ECF No. 6-1. Four safe harbor programs responded to the FTC’s request. Stearns Decl. ¶ 9. In addition, the FOIA Unit consulted with FTC economic and legal experts about potential redac-tions. Id.; Def.’s Facts ¶ 13. Based upon the comments and consultations, the FOIA Unit modified its initial redactions and sent advance copies of the annual reports, with finalized redactions, to each safe harbor program in January 2015. Def.’s Facts ¶¶ 14-15; Defi’s Mot., Exs. E-F, ECF No. 6-1 (letter to PRIVO and proposed redacted annual report). By February 25, 2015, the FOIA Unit had produced-to Plaintiff all six safe harbor programs’ annual reports. Def.’s Facts ¶¶ 16-19; Def.’s Mot., Ex. G, ECF No. 6-1; Defs Mot., Ex. H, ECF No. 6-2. All told, the FTC’s response consisted of 88 pages — two pages in full, 36 pages with redactions, and 50 fully-withheld pages. Pl.’s Mot. at 5; Stearns Decl. ¶ 13.

B. Procedural History

On December 11, 2014, Plaintiff filed suit in this court under FOIA, challenging the FTC’s decision to withhold and redact certain pages of the annual reports. Plaintiff requested that the court order Defendant to “process immediately the requested records in their entirety” and “disclose the requested records in their entirety” to Plaintiff.' Compl., ECF No. 1. On March 23, 2015, Defendant filed a Motion for Summary Judgment. See generally Def.’s Mot. In that motion, Defendant identified eight categories of information it asserted were exempt from disclosure: (1) nonpublic interpretations and analyses of the COP-PA Rule; (2) self-regulatory assessments not required by the COPPA Rule; (3) business development plans; (4) compliance oversight tools and logistics; (5) membership statistics and market shares; (6) member correspondence regarding compliance issues; (7) remediation ' and disciplinary rates; and (8) the identity of members subject to discipline, Defs Mot. at 5-6. These categories of information, the FTC argued, were properly withheld pursuant to Exemptions 3 and 4 of FOIA, 5 U.S.C. § 552(b), and Section 6(f) of the Federal Trade Commission Act, 15 U.S.C. § 46(f).

Plaintiff filed a Cross-Motion for Summary Judgment on May 20, 2015. See generally PL’s Mot. In it, Plaintiff “narrow[ed] its challenge to [Defendant’s] handling of its FOIA request” by not contesting the withholdings as to five categories of information. Id. at 6. Still, Plaintiff maintained its challenge as to three categories of withheld information: (1) interpretations and analyses of the COPPA Rule; (2) membership statistics and market shares; and (3) remediation and disciplinary rates. PL’s Mot. at 6. Plaintiff argued that the information falling under those categories was improperly withheld and must be disclosed under FOIA. PL’s Mot. at 6, 22. Defendant’s and Plaintiffs motions thus focus on whether those three categories of information are exempt from disclosure under FOIA.

III. LEGAL STANDARDS

A. Standard for Motion for Summary Judgment

A court shall grant summary judgment “if the movant shows that there is no genuine dispute as to any material fact and the movant is entitled to judgment as a matter of law.” Fed. R. Civ. P. 56(a). To make this determination, the court must “view the facts and draw reasonable inferences in the light most favorable to the [non-moving] party.” Scott v. Harris, 550 U.S. 372, 378, 127 S.Ct. 1769, 167 L.Ed.2d 686 (2007) (citations and internal quotation marks omitted). A dispute is “genuine” only if a reasonable fact-finder could find for the nonmoving party, and a fact is “material” only if it is capable of affecting the outcome of litigation. Anderson v. Liberty Lobby, 477 U.S. 242, 248, 106 S.Ct. 2505, 91 L.Ed.2d 202 (1986). A non-material factual dispute must not prevent the court from granting summary judgment. See id. at 248-50, 106 S.Ct. 2505.

Most FOIA cases are appropriately decided on motions for summary judgment. See Defenders of Wildlife v. U.S. Border Patrol, 623 F.Supp.2d 83, 87 (D.D.C.2009). A court may award summary judgment in a FOIA case by relying on the information included in the agency’s affidavits or declarations if they are “relatively detailed and non-conclusory,” SafeCard Servs., Inc. v. SEC, 926 F.2d 1197, 1200 (D.C.Cir.1991) (citations and internal quotation marks omitted), and describe “the documents and the justifications for nondisclosure with reasonably specific detail, demonstrate that the information withheld logically falls within the claimed exemption, and are not controverted by either contrary evidence in the record nor by evidence of agency bad faith,” Military Audit Project v. Casey, 656 F.2d 724, 738 (D.C.Cir.1981).

It is the government agency’s burden to prove that it has complied with its obligations under FOIA. DOJ v. Tax Analysts, 492 U.S. 136, 142 n. 3, 109 S.Ct. 2841, 106 L.Ed.2d 112 (1989). To prevail on a motion for summary judgment, the agency must demonstrate that “each document that falls within the class requested either has been produced, is unidentifiable, or is wholly exempt from the Act’s inspection requirements.” Goland v. CIA, 607 F.2d 339, 352 (D.C.Cir.1978); see also Students Against Genocide v. Dep’t of State, 257 F.3d 828, 833 (D.C.Cir.2001). “Unlike the review of other agency action that must be upheld if supported by substantial evidence and not arbitrary or capricious, the FOIA expressly places the burden ‘on the agency to sustain its action’ and directs the district courts to ‘determine the matter rife novo.’ ” DOJ v. Reporters Comm. for Freedom of Press, 489 U.S. 749, 755, 109 S.Ct. 1468, 103 L.Ed.2d 774 (1989) (quoting 5 U.S.C. § 552(a)(4)(B)).

B. Applicable Exemption Legal Standards

Defendant argues that the three disputed categories of information were properly withheld under (1) the combination of FOIA Exemption 3 and Section 6(f) of the Federal Trade Commission Act (“FTC Act”) and (2) FOIA Exemption 4. Def.’s Mot. at 13-14. The applicable legal standards as to each is set forth below.

1. FOIA Exemption 3 and the FTC Act

FOIA Exemption 3 permits an agency to withhold information that is

specifically exempted from disclosure by statute ... [if] that statute (A) (i) requires that the matters be withheld from the public in such a manner as to leave no discretion on the issue; or (ii) establishes particular criteria for withholding or refers to particular types of matters to be withheld.

5 U.S.C. § 552(b)(3). “When analyzing whether the defendant is entitled to invoke Exemption 3, the court need not examine the detailed factual contents of specific documents withheld; rather, the sole issue for decision is the existence of a relevant statute and the inclusion of withheld material within the statute’s coverage.” James Madison Project v. C.I.A., 607 F.Supp.2d 109, 126 (D.D.C.2009) (internal quotation marks omitted).

Here, the relevant statute invoked is Section 6(f). of the FTC Act. Section 6(f) prohibits the FTC from “mak[ing] public any trade secret or any commercial or financial information which is obtained from any person and which is privileged or confidential.” 15 U.S.C. § 46(f). Because Section 6(f) of the FTC Act mandates the withholding of certain information, FOIA Exemption 3 also protects against its disclosure. Thus, Section 6(f) and Exemption 3 operate in tandem in this case.

2. FOIA Exemption k

The application of Section 6(f) and Exemption 3 depends, in turn, on the standards for withholding under FOIA Exemption 4. That is because Section 6(f) largely parrots the text of FOIA Exemption 4. Where Section 6(f) prohibits “mak[ing] public any trade secret or any commercial or financial information which is obtained from any person and which is privileged or confidential,” 15 U.S.C. § 46(f), FOIA Exemption 4 requires the withholding of information that qualifies as “trade secrets and commercial or financial information obtained from a person and privileged or confidential.” 5 U.S.C. § 552(b)(4); Nat'l Parks & Conservation Ass’n v. Morton, 498 F.2d 765, 766 (D.C.Cir.1974). By adopting such parallel text, Congress intended for Section 6(f) “to remove any discretionary authority that the Commission has to make public any information which is exempt from disclosure under the Fourth Exemption of the Freedom of Information Act.” H.R. Rep. No. 96-917, at 28 (1980) (Conf. Rep.), as reprinted in 1980 U.S.C.C.A.N. 1143, 1144. As a result, FOIA Exemption 3 and Section 6(f) of the FTC Act are “coextensive” with FOIA Exemption 4. Doherty v. F.T.C., 1981 WL 2094, at *2 (D.D.C. June 24, 1981). Exemption 4’s legal standards, therefore, are controlling in this case.

The Court of Appeals has observed that Exemption 4 contains two threshold requirements: the information must be (1) “obtained from a person” and (2) “commercial or. financial.” See Wash. Post Co. v. Dep’t of Health and Human Servs., 690 F.2d 252, 266 (D.C.Cir.1982) [hereinafter Wash. Post, Co. /]. If these threshold requirements are met, the court then must determine if the information is “privileged or confidential.” Id. Here, there is no dispute that the information at issue was both (1)obtained from a person and (2) commercial. See generally Pl.’s Mot. The parties, however, join issue over whether the three contested categories of information contained in the annual reports were “confidential."

Our Court of Appeals has developed two tests to determine whether information is confidential under Exemption 4. Which test applies depends on the manner in which the government agency obtained the information .at issue. When an agency receives the sought-after information by way of a mandatory disclosure, the information is considered confidential for purposes of FOIA Exemption 4 if disclosure is likely (1) to impair the agency’s ability to obtain the information in the future or (2) to cause substantial harm to the competitive position of the source of the information. Nat’l Parks, 498 F.2d at 770. The inquiry is an objective one. See Wash. Post Co. I., 690 F.2d at 268.

A different test applies when an agency receives information by way of a voluntary disclosure. In that case, the information is confidential for purposes of Exemption 4 if it is “of a kind that would customarily not be released to the public by the person from whom it was obtained.” Critical Mass Energy Project v. Nuclear Regulatory Comm’n, 975 F.2d 871, 879 (D.C.Cir.1992).

Here, the parties agree that the National Parks mandatory-disclosure test applies, because the safe harbor programs submitted the contested information pursuant to the FTC’s annual report filing rule. 3 See Def.’s Mot. at 19-20,25-26, 28-30; Def.’s Reply in Support of its Mot. for Summ. J. and Opp’n to Pl.’s Cross-Motion for Pai’tial Summ. J., ECF No. 12 [hereinafter Def.’s Reply], at 3 n.l (conceding that “[s]ince the disputed information was part of mandatory disclosures, National Parks is the governing test”); Pl.’s Mot. at 10. Thus, the information withheld from the safe harbor programs’ annual reports is confidential for purposes of Exemption 4 if its disclosure likely would impair the government’s ability to gather information, Wash. Post Co. v. Dep’t of Health and Human Servs., 865 F.2d 320, 326 (D.C.Cir.1989) [hereinafter Wash. Post Co. IT], or would cause “substantial harm to the competitive position” of the program from which the information was obtained, Pub. Citizen Health Research Grp. v. FDA, 704 F.2d 1280, 1290-91 (D.C.Cir.1983) [hereinafter Pub. Citizen T],

Because Defendant invokes both prongs of the National Parks test to justify its withholdings in this case, the court addresses each in more detail below,

a; The government’s ability to gather information

Whether the disclosure of information is likely to impair the government’s ability to gather information — the first National Parks prong — involves a “rough balancing of. the extent of the impairment and the importance of the information against the public interest in disclosure.” Wash. Post Co. I, 690 F.2d at 269. The potential for impairment in gathering information is not limited to the question whether an agency has power to compel disclosure in the future. Id. at 268 (stating' “whether disclosure is mandatory is certainly a factor in deciding whéther the government’s access to information is likely to be impaired” (emphasis added)). Rather, it encompasses the possibility that suppliers of information, as a consequence of public disclosure, will narrowly construe the government’s requests and thereby seriously impair the government’s information-gathering ability. See id. at 269; Wash. Post Co. II, 865 F.2d at 325 (framing the question as “whether public disclosure would cause individuals to so narrowly construe the requests for information ... that the government’s information-gathering ability would be seriously impaired”). “Thus, when dealing with a FOIA request for information the provider is required to supply, the governmental impact inquiry will focus on the possible .effect of disclosure on [the] quality [of the information].” Critical Mass Energy Project, 975 F.2d at 878.

But, as with other FOIA exemptions, Exemption 4 is to be read narrowly in light of FOIA’s “dominant disclosure motif.” Wash. Post Co. II, 865 F.2d at 324. Consequently, “minor disadvantages flowing from disclosure cannot overcome the disclosure mandate of FOIA.” Id. at 327 (citation omitted) (internal quotation marks omitted). In the end, information that should be supplied under FOIA “will be withheld only when the affirmative interests in disclosure on the one side are outweighed by the factors ... militating against disclosure on the other.” Id.

b. Harm to information supplier’s competitive position

With respect to the second prong of the National Parks test — whether disclosure likely would cause substantial harm to the competitive position of the person who supplied the information — the court “need not conduct a sophisticated economic analysis of the likely effects of disclosure” to decide if substantial competitive harm would occur. Pub. Citizen 1, 704 F.2d at 1291 (citation omitted). An agency, of course, must offer more than a concluso-ry and generalized allegation of substantial harm to support its withholding of information. See id. It need not, however, “show actual competitive harm.” Id. Rather, “evidence revealing-actual competition and the likelihood of substantial competitive injury is sufficient to bring commercial information within the realm of confidentiality.” Id. (citation omitted) (internal quotation marks-omitted); see also McDonnell Douglas Corp. v. U.S. Dep’t of the Air Force, 375 F.3d 1182, 1187 (D.C.Cir.2004) (stating that parties do not have to “prove disclosure, certainly would cause it substantial competitive harm, but only that disclosure would ‘likely do so”).

IY. DISCUSSION

The court now turns to the three contested categories of information and analyzes whether each is confidential, and thus properly withheld by Defendant, under the test set forth in National Parks.

A. Non-Public Analyses of the COPPA Rule

Annual reports must contain an “aggregated summary” of a safe harbor program’s independent assessment of its members’ compliance with the program’s guidelines. 16 C.F.R. § 312.11(d)(1). Three of the programs — CARU, ESRB, and Md-SAFE — supplied that information in a chart, “listing the compliance issues detected by the programs and the number of members associated with those issues.” Def.’s Mot. at 19 (citing Parsons Deck ¶ 19). The kidSAFE-report also included a separate chart with its analysis of the different types of consumer complaints it received. Def.’s Mot., Ex. G,-ECF No. 6-1. Although Defendant produced portions of each chart to the extent “they contained straightforward recitations or discussions of the COPPA Rule,” it withheld “portions of the charts reflecting the safe harbor programs’ unique, nonpublic analyses of how the [COPPA] Rule should be implemented in various settings.”- Parsons Decl. ¶ 19. Plaintiff challenges the idea that the programs’ interpretations and analyses of the COPPA Rule are confidential and subject to Exemption 4. Pb’s Mot. at 11-13.

In support of these redactions, Defendant primarily argues that the safe harbor programs’ analyses “are confidential because their release would subject the safe harbor programs that developed them to substantial competitive injury.” Def.’s Mot. at 20. It also argues that disclosure of these analyses “would likely impair the agency’s ability to obtain necessary information in the future.” Id. The court considers each of these justifications in turn.

1. Disclosure Likely Would Cause Substantial Competitive Injury

Defendant offers three declarations to support its claim that disclosure of the programs’ non-public analyses of the COP-PA Rule likely would cause substantial competitive injury. .The primary declaration comes from Kandi Parsons, an FTC lawyer responsible for implementing COP-PA and who has knowledge of the industry and the approved programs. Parsons Deck ¶2. Parsons attested that “COPPA safe harbor programs make nuanced determinations of how the Rule should apply to diverse business models in a rapidly evolving technological marketplace. .,. If rivals could obtain these analyses [of COPPA], they could use them to improve their own oversight functions and compliance advice, thereby diverting business from the programs that developed the analyses.” Id. ¶ 19. According to Parsons, she consulted with the FTC’s Bureau of Economists “to verily our understanding of what information should be considered confidential in this competitive, evolving marketplace.” Id. ¶ 16.

Defendant also relies on declarations filed by executives from two safe harbor programs — ESRB and kidSAFE. Dona Fraser, Vice President of ESRB Privacy Certified, attested that her company offers a safe harbor program “that provides a workable and user-friendly compliance solution for its member companies.” Def.’s Mot., Ex. L, Declaration of Dona J. Fraser (ESRB), ECF No. 6-2 [hereinafter Fraser Deck], ¶ 4. Furthermore, according to Fraser, her company’s program has “defined and developed ‘Compliance Issues’ that differ substantially from the more complex formulation available in the COPPA Rule and, in many instances, has exceeded the COPPA Rule requirements.” Id. Fraser attested that this is the kind of information that ESRB “would not customarily disclose to the public.” Id. ¶ 6. kidSAFE’s founder and President, Shai Samet, similarly stated that “any information pertaining to [kidSAFE’s] compliance enforcement activities, including any legal analysis” is deemed confidential by kid-SAFE. Def.’s Mot., Ex. 0, Declaration of Shai Samet (kidSAFE), ECF No. 6-2 [hereinafter Samet Deck], ¶ 6(f),

Plaintiff, for its part, does not dispute any of the evidence offered by Defendant or offer any contrary evidence of its own. As a result, Defendant’s evidence of competitive harm, such as it is, stands unre-butted; therefore, this record presents no genuine dispute about an issue of material fact. The sole remaining question then is whether Defendant has carried its burden of proving that the withheld information is exempt from disclosure. See Pub. Citizen Health Research Grp. v. FDA, 185 F.3d 898, 904 (D.C.Cir.1999) [hereinafter Public Citizen II].

Plaintiff, at least initially, does not argue that Defendant has failed to meet its evi-dentiary burden. Instead, Plaintiff argues that “the FTC’s theory of competitive harm directly contradicts the agency’s goals of ensuring COPPA compliance.” Pk’s Mot. at 11. Plaintiff contends that “public access to this information would actually improve” the quality of the safe harbor programs because it would lead to more robust enforcement. Id. at 11-12. Essentially, Plaintiff contends that if one safe harbor program's interpretation of the COPPA Rule leads to better compliance or more effective enforcement, other programs could emulate that success if the interpretation of the Rule were public. Id. Plaintiff also argues that maintaining confidentiality over safe harbor programs’ analyses of the COPPA Rule amounts to encouraging the development of “secret law.” Id. at 12. Lastly, Plaintiff suggests that Congress “intended that safe harbor providers enforce the law in public and that the process be open” and that “COP-PA enforcement should be transparent.” Id.

None of those arguments is well taken. In a nutshell, Plaintiffs central argument is that it would be good policy to release these withheld legal analyses because, if they were public, safe harbor programs could use their competitors’ analysis of the COPPA Rule to improve their own enforcement of COPPA, thereby promoting overall effectiveness and transparency in enforcement. Yet, as Defendant rightly contends, 4 the law does not allow this sort of “consequentialist” argument to defeat the otherwise proper withholding of information under Exemption 4. Pub. Citizen II, 185 F.3d at 904.

In Public Citizen II, the plaintiff argued for disclosure of certain information because “disclosure would prevent other drug companies” from making the same mistakes one drug company had which would “thereby avoid[] risk to human health.” Id. at 903. The court rejected that argument, holding that it was not “open to [the plaintiff] ... to bolster the case for disclosure by claiming an additional public benefit in that, if the information is disclosed, then other drug companies will not conduct risk clinical trials,” Id. at 904. The public interest under FOIA, the Court of Appeals observed, is rooted in discovering what “the government is up to,” not “any collateral benefits of disclosure.” Id. So it is here. Plaintiffs argument that the COP-PA Rule would function better if safe harbor programs’ interpretation of the Rule were made public does not bolster the case for disclosure. Indeed, the impact that public disclosure would have on the efficacy of the COPPA Rule is irrelevant.

In its reply brief, Plaintiff takes a different tack. Invoking the language of eviden-tiary burdens, Plaintiff contends that Defendant’s justification for the withholdings is “insufficient” because the safe harbor programs’ “publicly disclosed guidelines already contain [their] unique legal analyses of the COPPA Rule that competitors can incorporate into their own safe harbor programs.” Pl.’s Reply in Support of its Cross-Motion' for Partial Summ. J., ECF No. 13 [hereinafter Pl.’s Reply], at 4. Plaintiff cites 16 C.F.R. § 312.11(c), which sets forth what a proposed safe harbor program must include in its application for approval. For instance, a proposed program must include a “copy of the full text of the guidelines for which approval is sought and any accompanying commentary.” Id. ’ § 312.11(c)(2). From this, Plaintiff seems to argue that the disclosure of the withheld COPPA Rule analyses cannot cause “substantial harm” to the safe harbor programs because much of what they consider unique about their approaches to COPPA interpretation and enforcement is already public, PL’s Reply at 5 (arguing “the public availability of the self-regulatory guidelines undercuts the FTC’s contention that a few safe harbor providers’ legal analyses are secret and must be withheld to avoid competitive harm”).

This argument suffers from two fatal flaws. First, it comes too late. “[I]t is a well-settled prudential doctrine that courts generally will not entertain new arguments first raised in a reply brief.” Benton v. Laborers’ Joint Training Fund, 121 F.Supp.3d 41, 51 (D.D.C.2015) (citation and internal quotation marks omitted); see also McBride v. Merrell Dow & Pharm., 800 F.2d 1208, 1211 (D.C.Cir.1986) (“Considering an argument advanced for the first time in a reply brief ... is not only unfair. ..., but also entails the risk of an improvident or ill-advised opinion on the legal issues tendered.” (citation omitted)). Second, Plaintiffs belated argument does not defeat Defendant’s contention that the programs would suffer a competitive disadvantage from the disclosure of “unique, nonpublic analyses of how the [COPPA] Rule should be implemented in various settings .. in a rapidly evolving technological marketplace.” Parsons Decl. ¶ 19 (emphasis added). The fact that the safe harbor programs’ guidelines and eommen- tary are public does not divest a company’s specific application of those guidelines of commercial value. In a marketplace where companies compete — as even Plaintiff concedes — on the basis of, among other things, “compliance advice” and “fairness and diligence when resolving compliance issues,” Def.’s Facts ¶ 4; Pl.’s Facts ¶ 1, how a company interprets the COPPA Rule in a specific setting may well give it a competitive advantage.

The court returns then to the ultimate question on summary judgment: Has Defendant carried its burden of proving that the disclosure of the safe harbor programs’ nonpublic analyses of the COPPA rule is likely to cause substantial harm to their competitive positions? The court finds that it has. Defendant has shown both “actual competition” among the safe harbor programs, Pub. Citizen I, 704 F.2d at 1291 (citation omitted), and a likelihood of substantial competitive injury if the programs’ analyses were to be disclosed, see id. Although Defendant’s evidence of likely competitive harm does not rely on econometric modeling or similar analysis, such sophisticated economic analysis is not required in this context. See id, (observing that “the court need not conduct a sophisticated economic analysis of the likely effects of disclosure”). Defendant’s in-house expert on the COPPA Rule and the safe harbor program marketplace, in consultation with agency economists, has predicted, without contradiction, that if the rivals of CARU, ESRB, and kidSAFE could obtain those three programs’ nonpublic anal-yses of the COPPA Rule, the rivals could improve their oversight functions and compliance advice, thereby causing CARU, ESRB, and kidSAFE to become competitively disadvantaged. See Pub. Citizen II, 185 F.3d at 905. Two safe harbor program representatives have said, under oath, that they have the same competitive concerns. Such evidence, taken together, is sufficient to meet the agency’s burden under Exemption 4.

2. Disclosure Likely Would Impair the Agency’s Ability to Gather Information

The court also agrees with Defendant that the programs’ non-public analyses are confidential for purposes of Exemption 4 because disclosure of that information likely would impair the FTC’s ability to obtain such information in the future.

It is important to put the annual report filing requirement in some context. Although Congress directed the FTC to adopt regulations to implement COPPA, 15 U.S.C. § 6501(b), it vested primary responsibility for monitoring and enforcing operators’ compliance with the COP-PA Rule with the safp harbor programs, not the FTC, 5 id. § 6503(a) (“[A]n operator may satisfy the requirements of regulations ... by following a set of self-regulatory guidelines, issued by [approved] representatives of marketing or online industries, or by other [approved] persons[.]”). Congress did not require website and online services operators to submit reports to the FTC about their compliance efforts; nor did it mandate any regular reporting from the safe harbor programs. It was the FTC who created a public reporting mechanism by developing and adopting the annual filing requirement. See Children’s Online Privacy Protection Rule, Final Rule Amendments, 78 Fed. Reg. 3,972, 3,995-3,996 (Jan. 17, 2013). Furthermore, the primary purpose of the annual reporting rule was to enable the FTC to gather information. The FTC viewed the annual report as a way to stay “apprised of key information about the safe harbors’ programs and membership oversight” and “the emergence of new feasible parental consent mechanisms for operators.” Id. at 4002.

Although the annual reporting rule’s primary function is information-gathering, the FTC has largely left it up to the safe harbor programs to decide how much information to actually disclose." The' programs have such autonomy for three main reasons. First, the scope of information sought by the annual reporting rule is quite modest. Annual reports must contain only three categories of information: (1) “an aggregated summary of the results” of the program’s compliance assessments; (2) “a description of any disciplinary action taken” against a program’s customer; and (3) a description of the program’s approval of any new methods for online services to obtain verifiable parental consent, even if such method is not specified in the COPPA Rule. 16 C.F.R. § 312.11(d)(1); Parsons Decl. ¶ 12. Given the rule’s limited mandar tory disclosures, the FTC has relied on voluntary disclosures to acquire more information. So, for instance, when the FTC sent reminders about the reporting requirement to the safe harbor programs, it also asked the companies to voluntarily disclose additional information about consumer complaints and response to such complaints, as well as other information. See Parsons Decl. ¶ 12 & Ex. J2.

Second, the text of the annual filing rule leaves plenty of room for interpretation. For example, the key term “aggregated summary” is nowhere defined, thus allowing safe harbor programs ample opportunity to narrowly construe that reporting requirement. See Wash. Post Co. I, 690 F.2d at 268-69 (observing that where a disclosure requirement “leaves room for interpretation” the reporter may construe the “requirement narrowly” and exclude responsive information). That the programs, in fact, did so here is amply demonstrated on this record. See Parsons Decl. ¶ 15 (“[T]he 2014 safe harbor reports varied widely in their depth and breadth and in the types of information they provided beyond the ■ bare legal requirements.”). Some of them — such as kidSAFE — submitted multi-page, detailed reports containing the requested information. Def.’s Mot., Ex. G at 63. Others — such as CARU — submitted only short letters containing terse entries corresponding to the requested information. Id. at 58. ■

Finally, it is reasonable to conclude that the prospect of public disclosure provides a disincentive to safe harbor programs to provide information to the FTC. The FTC’s counsel, Kandi Parsons, attested that two safe harbor representatives have said that they “would like to give the FTC additional information in their annual reports [but] they are concerned that this will reveal their confidential information to the public and subject them to a competitive disadvantage.” Parsons Decl. ¶ 15. Additionally, a number of the safe harbor program affiants attested that some of the information included in the annual report was not the kind of information they ordinarily would make public. See, e.g., Fraser Decl. ¶ 6; Samet Decl. ¶ 8. Thus, it is not difficult to fathom that, in the future, in order to avoid public disclosure of information that they consider proprietary or confidential, safe harbor programs would reduce the amount and kind of information that they provide to the FTC.

Against this backdrop, the court has little trouble finding that the disclosure of the safe harbor programs’ nonpublic analy-ses and interpretation of the COPPA Rule would make it more difficult for the FTC to obtain such information in the future. The three safe harbor programs disclosed their nonpublic analyses as part of their respective “aggregated summary” of their compliance assessments. If such analyses from the 2014 annual reports were publicly disclosed, it is easy to envision that no safe harbor program would supply such information in future filings, thereby depriving the FTC of important and useful information. The agency’s significant interest in encouraging safe harbor programs to supply such analyses, and like information, in future filings thus weighs against public disclosure.

Plaintiff argues that Defendant’s impairment argument is “illogical” because the agency simply could modify its rules to compel disclosure. Pi’s Reply at 5 (“Because the agency has ample authority to compel the disclosure of the withheld records, releasing those records would not impair its ability to obtain similar information in the future.”). But that argument proves too much. True, the FTC theoretically could amend its regulations, after notice and comment, to demand specific disclosures. But the construct envisioned by Plaintiff would create a game of “cat and mouse” in which the agency is regularly modifying the disclosure requirements to capture the information private parties are reluctant to disclose. The inefficiencies inherent in such a process would impair the FTC’s information-gathering ability.

Finally, the required “rough balancing” of the countervailing public interest in disclosure does not tip the balance in Plaintiffs favor. As discussed above, Congress set up a largely self-regulating marketplace, driven by industry standard-setting, to promote compliance with COPPA. No doubt Congress knew that information from private enterprises would be more difficult for the public to obtain under FOIA. But that is the balance it struck. Moreover, the public interest in the information Plaintiff seeks is less weighty here because it will not achieve the central purpose of FOIA, which is to inform citizens about “what the[] government is up to.” DOJ v. Reporters Comm. for Freedom of Press, 489 U.S. 749, 773, 109 S.Ct. 1468, 103 L.Ed.2d 774 (1989). The nonpublic analyses, if revealed, at most would disclose the inner workings of private safe harbor programs. It would tell the public little, if anything, about how the FTC itself operates. Accordingly, the court concludes that the safe harbor programs’ non-public analyses of the COPPA Rule was properly withheld under FOIA Exemption 4.

B. Membership Statistics and Market Shares of the Safe Harbor Programs

Next, Plaintiff seeks disclosure of the number of members, annual changes in membership, and market shares of each safe harbor program. Defendant asserts that this information was properly withheld under Exemption 4 — specifically, under the second prong of the National Parks test. Defendant argues that disclosure of this information could cause competitive injury because “[l]arge firms could use this membership data when trying to recruit members of smaller competitors, by asserting that those competitors have a lesser market share or are losing business, and ostensibly have less credibility as a result.” Parsons Decl. ¶ 18. Record evidence shows that the safe harbor programs themselves consider this information to be confidential. See, e.g., Fraser Decl. ¶ 6 (“The number of members is kept confidential due to the high level of competition amongst the Safe Harbors; membership retention is essential to EPC’s sustainability.”); Samet Decl. 116(c) (explaining that kidSAFE considers confidential “any information or statistics regarding the number of members seeking COPPA certification under KSP’s Safe Harbor program, including the number of participants whose data is included in the 2014 KSP Report[.]”); Def.’s Mot., Ex. Q, Declaration of Denise G. Tayloe (PRIVO), EOF No. 6-2 [hereinafter Tayloe Decl.] ¶ 4(a)-(b) (explaining that, in order to protect against “competitive damage,” PRIVO keeps confidential “the total number of entities and online properties tha!t are members of the PRIVO self-regulatory program” and “any information indicating a change in the number of members in the program over any period of time”). Defendant also argues that combining safe harbor programs’ membership data with disclosed data about compliance incidents would allow competitors to determine the percentage of members that were subjected to discipline or remediation. Parsons Deck ¶¶ 18, 24.

Plaintiff counters that the safe harbor programs’ membership statistics cannot be confidential as they are either publicly available or easily discoverable. Pl.’s Mot. at 14. Plaintiff points out that some programs state the number of members on their website. And because individual members display a' safe harbor program’s seal on their own websites, competing programs can conduct an online search to “learn whether a particular website is affiliated with a different program and solicit them accordingly.” Id. at 14-15. Furthermore, Plaintiff argues that any suggestion that competitors can combine membership statistics with other data to deduce remediation rates is “speculative and unsupported,” largely because much of the information at issue is already public. Id. at 15.

The court finds that market shares and membership information constitute “sensitive” and “non-public” information that is “precisely the kind of information that other courts have found to be protected under Exemption 4’s commercial-information privilege.” STS Energy Partners LP v. Fed. Energy Regulatory Comm’n, 82 F.Supp.3d 323, 330 (D.D.C.2015). Again, Defendant need only show “actual competition” and “the likelihood of substantial competitive injury” — rather than actual competitive harm — to bring commercial information under the cover of confidentiality. Pub. Citizen I, 704 F.2d at 1291. The court finds persuasive Defendant’s concern that, if each safe harbor program’s share of the market became public, competitors could (1) use that information to poach customers from smaller programs; and (2) combine it with mandatorily-disclosed disciplinary information to tabulate safe harbor programs’ rates of discipline, a fact that could easily be used to sway customers wary of facing remediation. See e.g., Parsons Decl. ¶ 18; Samet Decl. ¶ 6(c). The lack of any evidence from Plaintiff rebutting these concerns only bolsters the court’s finding.

Plaintiffs argument that the information at issue here is already public because cei'tain safe harbor programs make representations about how many customers they have, and because certain customers display seals of the safe harbor program they use on their websites, is unavailing. While it is true that the government cannot withhold information under FOIA that already is in the public domain, Afshar v. Dep’t of State, 702 F.2d 1125, 1130-34 (D.C.Cir.1983), it is not enough that “the same general type” of information is public, Customs & Int’l Trade Newsletter v. U.S. Customs & Border Prot., 588 F.Supp.2d 51, 58 (D.D.C.2008). Rather, the information sought through FOIA must be “identical” to the information already public. Id.

Here, Defendant has shown persuasively that the information withheld from the annual reports is different than that found in the public sphere. Def.’s Reply at 9-11. And if a competitor is able to easily acquire valuable information about a competitor through FOIA, “rather than the considerable costs- of private reproduction, they may be getting quite a bargain,” which could have ' “competitive consequences • not contemplated as part of FOIA’s principal aim of promoting openness in government.” Worthington Compressors, Inc. v. Costle, 662 F.2d 45, 51 (D.C.Cir.1981). That concern exists in this case: Plaintiff is of course free to count every website that uses a certain safe harbor program’s seal,' but disclosing specific membership and market share information through FOIA could lead to competitive harm for the safe harbor programs.

Plaintiff also contends that Defendant’s argument that membership rates and market shares are confidential because they could b.e combined with the number of disciplinary actions taken to compute rates of discipline is “speculative.” Pl.’s Mot. at 15. This is, by definition, at least partly true, as at issue in this lawsuit is the first round of annual reports required by the FTC, meaning that the results of disclosure have not yet been tested. Yet the test to show substantial economic harm does not require absolute certainty, as Defendant must only show that such harm is “likely.” McDonnell Douglas Corp., 375 F.3d at 1187. Through persuasive affidavits from both FTC employees and representatives of the safe harbor programs, Defendant has met its burden.

In sum, Defendant has shown that information about safe harbor programs’ membership statistics and market shares is protected from disclosure under FOIA Exemption 4.

C. Remediation and Disciplinary Rates

The last contested category of withheld information is the rate of safe harbor programs’ members that were subject to remediation or discipline. One program, PRIVO, included data revealing the percentage of its program members that required remedial action. Parsons Decl. ¶ 24. Defendant contends that if a safe harbor program’s rate of discipline were made public, competitors could recruit members by asserting that a particular program is either' too strict or too lax with enforcement. Defi’s Mot. at 29. Additionally, Defendant argues that the disclosure of rates of discipline would discourage safe harbor programs from including this type of information in future annual reports. Id. at 28. 6

Plaintiff sees things differently. It argues that no competitive harm would be caused by the disclosure of discipline rates because the safe harbor programs already have released the actual number of members. they have disciplined, including two safe harbor programs which disclosed that they took no disciplinary actions against their members. PL’s Mot. at 18-19. Thus, Plaintiff argues, competitors can already compute the discipline rates of certain safe harbor programs. Id. Plaintiff also contends that, because safe harbor programs are required to disclose in their annual reports any discipline or remediation they undertook against a member in the past year, 16 C.F.R. § 312.11(d)(1), there is no risk that the FTC will have trouble obtaining this information in the future. Id. at 20.

The court agrees with Defendant’s determination that the disclosure of discipline rates is likely to cause substantial competitive harm because competitors could use that information to convince potential customers that a rival is either too strict or too lenient. Parsons Decl. ¶24. That concern is supported by the declaration from PRIVO’s CEO, Denise Tayloe, who states that PRIVO does not disclose such information publicly because of “the competitive damage the public availability of such information would have for PRIVO vis a vis other self-regulatory programs.” Tayloe Decl. ¶ 4. Again, the relevant question is not whether such harm will occur; rather, it is whether the harm is “likely” to occur. McDonnel Douglas Corp., 375 F.3d at 1187. Here, Plaintiff has offered no evidence to contradict Defendant’s competitive concern. Based on the Parsons and Tayloe declarations, the court finds that Defendant has carried its burden óf showing the potential for competitive harm.

The court also concurs with Defendant’s assertion that disclosure of PRIVO’s remediation rate would discourage other safe harbor programs, and PRIVO itself, from disclosing it in the future. As already discussed, the annual filing rule provides safe harbor programs with wide latitude in determining what information to supply as part of its “aggregated summary” of compliance assessments. The disclosure of remediation rates, which the safe harbor programs consider sensitive business information, likely would discourage them from supplying it in the future. The loss of such information, would impair the FTC’s efforts to monitor how the safe harbor programs are working. Parsons Decl. ¶¶ 9-10. Although the public may have an interest in remediation rates, such information ultimately does not reveal what the “government is up to,” as Congress made a policy decision to vest private enterprises with primary enforcement authority over those subject to the COPPA Rule. The agency’s interest in avoiding impairment to its information-gathering function thus outweighs the public’s interest in disclosure.

D. Segregability

FOIA requires a government agency to disclose any “reasonably segregable” nonexempt information. 5 U.S.C. § 552(b). It is the agency’s burden to show that it' has done so. STS Energy Partners LP, 82 F.Supp.3d at 336. The agency must provide a “detailed justification” for the non-segregability of all information that is not released, but does not need “to provide so much detail that the exempt material would be effectively disclosed.” Johnson v. Exec. Office for U.S. Attorneys, 310 F.3d 771, 776 (D.C.Cir.2002) (citations omitted). Information that is “inextricably intertwined” with exempt material need not be disclosed. 5 U.S.C. § 552(b).

The court is satisfied that Defendant has shown that it produced all non-exempt information to Plaintiff and only segregated and redacted that which it (rightly) believed to be exempt from disclosure. Defendant prepared a comprehensive Vaughn index, describing each document or portion withheld, the exemption under which it was withheld, and the justification for doing so. See Def.’s Mot., Ex. J, Summary of Records Withheld in FOIA 2014-01098, EOF No. 6-2. In addition, FTC attorney Stearns stated that she reviewed every document of the production “line by-line” and determined that “all reasonably seg-regable portions of the relevant records” have been produced to Plaintiff. Stearns Decl. ¶ 51.-It also appears from the record that the FTC conducted multiple reviews of the reports, which resulted in the production of previously-redacted information. Id. ¶¶36, 47. The combination of the Vaughn index, the detailed review and redaction process employed by the FTC, and the sworn statements of an FTC attorney is sufficient to fulfill the agency’s obligation to show with “reasonable specificity” why the documents in question cannot be further segregated. See Exec. Office for U.S. Attorneys, 310 F.3d at 776.

Y. CONCLUSION

For the reasons set forth above, Defendant’s Motion for Summary Judgment is granted and Plaintiffs Cross-Motion for Summary Judgment is denied. A separate order accompanies this Memorandum Opinion.

1 . Some of the exhibits to Defendant's Motion for Summary Judgment contain multiple documents. As a result, the court refers to the ECF page number of the specific cited document.

2 . Although there are currently seven FTC-approved safe harbor programs, Plaintiff requested annual reports from only six programs because the seventh, iKeepSafe, did not gain approval until after the 2014 reporting period had closed and, therefore, it had not filed an annual report responsive to Plaintiffs FOIA request. Compl. ¶ 5; Def.’s Facts ¶ 7.

3 . Although Defendant notes that for voluntary disclosures, the Court of Appeals has stated that the more relaxed standard set out in Critical Mass applies, see Def.’s Mot. at 19, Defendant does not argue that the Critical Mass standard applies to any of the contested categories of information. Nor does either party conduct an analysis under Critical Mass to determine whether the contested information was properly withheld. Thus, the court assumes that the mandatory-disclosure test applies and conducts its analysis — as. the parties do — using the test set out in National Parks.

4 . Plaintiff asserts that Defendant "mischarac-terizes” its argument "as asking the court to balance the public benefits of disclosing the information against the competitive harm that might result.” Pl.’s Mot., at 3. The court disagrees. Even if Plaintiff did not expressly ask the court to "balance” the public benefit, it certainly rooted its argument in the purported collateral public benefits that disclosure would bring to enforcement of the COPPA Rule,

5 . Although primary responsibility for enforcement lies with the safe harbor programs, COPPA does grant the FTC and the States the authority to bring civil actions to enforce the FTC’s regulations. See 15 U.S.C. §§ 6504(a), (d).

6 . Defendant additionally argues that discipline rates are confidential because "their disclosure could cripple the effectiveness of the COPPA safe harbor program.” Id. Defendant suggests that information can be protected from disclosure under FOIA not only based on the two National Parks factors, but also because of "other interests,” Wash. Post Co. II, 865 F.2d at 327, including the possible “impairment of an agency’s ability to carry out its statutory purpose,” Judicial Watch, Inc. v. Export-Import Bank, 108 F.Supp.2d 19, 30 (D.D.C.2000). The court, however, does not reach this claimed "other interest” favoring non-disclosure, as the two main considerations weighing against disclosure identified in National Parks — serious competitive harm and impairment of government information-gathering — suffice in this case.