                           UNITED STATES DISTRICT COURT
                           FOR THE DISTRICT OF COLUMBIA

_________________________________________
                                          )
Center for Digital Democracy,             )
                                          )
      Plaintiff,                          )
                                          )
              v.                          )                Civil No. 14-cv-02084 (APM)
                                          )
Federal Trade Commission,                 )
                                          )
      Defendant.                          )
_________________________________________ )

                                 MEMORANDUM OPINION

I.     INTRODUCTION

       Under the Children’s Online Privacy Protection Act of 1998, Congress tasked the Federal

Trade Commission (“FTC”) with issuing and enforcing regulations designed to protect the online

privacy and safety of children. To carry out its statutory mandate, the FTC issued what is known

as the Children’s Online Privacy Protection Rule, or the “COPPA Rule.” The COPPA Rule

imposes upon both online services and individual websites directed at children requirements

concerning the collection, use, and disclosure of personal information regarding children under the

age of 13. Although the FTC crafted the COPPA Rule, under the Privacy Protection Act’s

regulatory scheme, the Rule itself is primarily enforced not by the FTC but by private entities

known as “safe harbor programs.” These safe harbor programs, which the FTC must review and

approve, design their own rules—which must be at least as robust as the COPPA Rule—and then

work to ensure that the program’s subscribers (online services and websites directed at children,

who pay the program a fee) comply with those rules.
       In 2014, the FTC began requiring safe harbor programs to submit annual reports to the

agency. The reports, generally speaking, are required to contain information concerning each safe

harbor program’s monitoring and enforcement of their members. However, due to a lack of clarity

in the FTC’s rules regarding what the reports must include, the 2014 reports varied dramatically

in terms of the information and data provided.

       Plaintiff Center for Digital Democracy brought this suit against the FTC under the Freedom

of Information Act (“FOIA”) to obtain access to the first round of annual reports. The FTC

disclosed the annual reports to Plaintiff, but in redacted form. According to the FTC, the redactions

were necessary to protect the programs’ trade secrets or non-public commercial or financial

information. The dispute in this case centers on whether the FTC redacted the reports consistent

with FOIA.

       Before the court is Defendant’s Motion for Summary Judgment and Plaintiff’s Cross-

Motion for Summary Judgment. Upon consideration of the parties’ submissions and the record,

the court grants Defendant FTC’s Motion for Summary Judgment and denies Plaintiff’s Cross-

Motion for Summary Judgment.

II.    BACKGROUND

       A.      Factual Background

               1.      COPPA and FTC Enforcement

       In 1998, Congress enacted the Children’s Online Privacy Protection Act (“COPPA”),

15 U.S.C. §§ 6501-6506, in order to protect children under 13 years of age who use the Internet.

The statute imposed certain requirements on operators of websites and online services directed at

young children, and instructed the FTC to issue and enforce regulations implementing the statute.

15 U.S.C. § 6502(b); Def.’s Statement of Material Facts, ECF No. 6 [hereinafter Def.’s Facts], ¶

                                                 2
1. To carry out Congress’ directive, the FTC issued the COPPA Rule, which applies to “any

operator of a Web site or online service directed to children, or any operator that has actual

knowledge that it is collecting or maintaining personal information from a child.” 16 C.F.R.

§ 312.3. The COPPA Rule requires, among other things, that such websites and online services

provide specific notice about the personal information they collect from children, how they use it,

and their practices for disclosing it; obtain parental consent before collecting, using, or disclosing

personal information from children; and establish procedures to protect the confidentiality and

security of personal information collected from children. 16 C.F.R. §§ 312.3, 312.4-312.8. The

FTC may bring enforcement actions against persons or operators who fail to comply with the

COPPA Rule. See 15 U.S.C. §§ 6502(c), 6505(a) & (d).

               2.      Safe Harbor Programs

       Although Congress left it to the FTC to develop rules to implement COPPA, in a rather

unique regulatory scheme, it largely left the enforcement of those rules to private industry. The

COPPA statute provides that operators of websites and online services directed at young children

can comply with the statute “by following a set of self-regulatory guidelines, issued by

representatives of the marketing or online industries or by other persons.” 15 U.S.C. § 6503(a);

see also 16 C.F.R. § 312.11(g). Issuers of these guidelines are known as “safe harbor programs.”

16 C.F.R. § 312.11.

       Congress adopted this “self-regulation” model to “develop[] an industry consensus on the

appropriate level of protection to accord children’s privacy on commercial Internet sites” and to

“encourage development and implementation of meaningful, effective self-regulatory activities

and to provide basis for their wide-spread adoption.”         S. 2326, Children’s Online Privacy

Protection Act of 1998: Hearing Before the S. Subcomm. on Communications of the S. Comm. On

                                                  3
Commerce, Science, and Transportation, 105th Cong. 11 (1998) (statement of Robert Pitofsky,

Chairman, FTC). By allowing enforcement through safe harbor programs instead of through direct

federal agency oversight, “Congress intended to . . . promot[e] efficiency and flexibility in

complying with COPPA’s substantive provisions.” Children’s Online Privacy Protection Rule,

Final Rule Amendments, 78 Fed. Reg. 3,995-3,996 (Jan. 17, 2013). The FTC similarly has

explained that the safe harbor program was meant to serve as an “incentive for industry self-

regulation; by allowing flexibility in the development of self-regulatory guidelines, it ensures that

the protections afforded children under this Rule are implemented in a manner that takes into

account industry-specific concerns and technological developments.” Children's Online Privacy

Protection Rule, 1999 Statement of Basis and Purpose, 64 Fed. Reg. 59,906 (Nov. 3, 1999).

       Safe harbor programs must be approved by the FTC. The FTC will approve a safe harbor

program only after a public notice and comment period and upon a finding that the safe harbor

program’s self-regulatory guidelines “meet the requirements” of the COPPA Rule. 15 U.S.C.

§ 6503(b)(2). Specifically, a safe harbor program must: (1) “provide substantially the same or

greater protections for children” as the COPPA Rule; (2) implement “[a]n effective, mandatory

mechanism for the independent assessment” of operators’ compliance that includes “a

comprehensive review” of each operators’ “information policies, practices, and representations”;

and (3) impose “[d]isciplinary actions for subject operators’ non-compliance with self-regulatory

program guidelines.” 16 C.F.R. § 312.11(b); Def.’s Facts, ECF No. 6, ¶ 2; Plaintiff’s Statement

of Material Facts Not in Dispute and Response to Defendant’s Statement of Facts Not in Dispute,

ECF No. 10-7 [hereinafter Pl.’s Facts], ¶ 1. Once the FTC approves a safe harbor program,

operators of websites and online services covered by COPPA can subscribe to it. By complying

with the program’s guidelines, the operator or website will be in compliance with the COPPA

                                                 4
Rule. Def.’s Mot. for Summ. J., ECF No. 6 [hereinafter Def’s Mot.], Ex. J, Decl. of Kandi Parsons,

ECF No. 6-2 [hereinafter Parsons Decl.] ¶ 3.

       Safe harbor programs operate in a competitive market. Id. ¶ 6. They receive fees from

subscribers and compete against one another to increase their subscriber base. Id. Each program

attempts to distinguish itself from its competitors in a number of ways, including: (1) the strength

of its privacy protections; (2) the compliance guidance it provides; (3) the sophistication and

reliability of its privacy oversight technology; (4) the effectiveness of its approved parental consent

methods; (5) its ability to resolve compliance issues; and (6) the trust its generates among parents

of children who use the member websites or online services. Id.; Def.’s Facts ¶ 4; Pl.’s Facts ¶ 4.

Many of the safe harbor programs offer a seal or certificate that members can display on their

website to show that they belong to the program and are in compliance with COPPA. Parsons

Decl. ¶ 7. A seal also may signify compliance with rules and guarantees specific to a particular

safe harbor program. Safe harbor programs use these distinctive features to attract business. Id. ¶

8.

       At the time this action was filed, the FTC had approved seven safe harbor programs.

Pl.’s Mot. for Summ. J., ECF No. 10 [hereinafter Pl.’s Mot.], at 3; Parsons Decl. ¶ 5. They are:

Aristotle, the Children’s Advertising Review Unit (“CARU”), the Entertainment Software Rating

Board (“ESRB”), iKeepSafe, kidSafe Seal Program (“kidSAFE”), Privacy Vaults Online

(“PRIVO”), and True Ultimate Standards Everywhere (“TRUSTe”). Parsons Decl. ¶ 5.

               3.      Annual Reports

       In 2013, the FTC amended the COPPA Rule to require that safe harbor programs submit

annual reports to the agency. Children’s Online Privacy Protection Rule, Final Rule Amendments,

78 Fed. Reg. 3,972, 3,995-3,996 (Jan. 17, 2013). The FTC adopted the annual report filing

                                                  5
requirement to “better ensure that all safe harbor programs keep sufficient records and that the

Commission is routinely apprised of key information about the safe harbors’ programs and

membership oversight.” Id. at 4002. The FTC also viewed the annual reports as a useful means

of “inform[ing] the Commission of the emergence of new feasible parental consent mechanisms

for operators.” Id.

       An annual report, “at a minimum,” must contain: (1) “an aggregated summary of the

results” of the program’s compliance assessments; (2) “a description of any disciplinary action

taken” against a program’s customer; and (3) a description of the program’s approval of any new

methods for online services to obtain verifiable parental consent, even if such method is not

specified in the COPPA Rule. 16 C.F.R. § 312.11(d)(1); Parsons Decl. ¶ 12. The rule does not

specify what information must be provided in the “aggregated summary” component of the report.

Nor does it require the program to identify its members who were the subject of “any disciplinary

action taken.”

       In May 2014, Defendant sent a letter to the safe harbor programs, reminding them of their

annual filing obligation. The letter also made additional disclosure requests, not mandated by the

agency’s regulations. Specifically, the FTC asked for: (1) information about any consumer

complaints alleging that a member had violated the program guidelines and the program’s

responses to such complaints; (2) records from any disciplinary action taken against a member;

(3) confirmation that the program made at least one privacy assessment of each its members within

the last year; and (4) the number of members assessed. Def.’s Facts ¶ 6; Parsons Decl. ¶ 12; Def’s

Mot., Ex. J2, ECF No. 6-2.

       The lack of guidance offered by the regulations and reminder letter about the annual

report’s expected contents and format led to a predictable result: the first round of annual reports

                                                 6
differed substantially from one another. Def.’s Mot., Decl. of Dione Jackson Stearns, ECF No. 6-

1 [hereinafter Stearns Decl.], ¶ 25 (the reports “did not contain uniform reporting mechanisms”

and “varied considerably in the types of data reported[.]”). For example, kidSAFE’s annual report

contained detailed information about its policies and a summary of the results of all assessment

efforts made by the program, see Def.’s Mot., Ex. G, ECF No. 6-1 at 63,1 while CARU submitted

a mere page and a half of information with very little detail, see id. at 58.

                  4.       Plaintiff’s FOIA Request

         On July 2, 2014, Plaintiff Center for Digital Democracy submitted a FOIA request to the

FTC seeking “all annual reports submitted by safe harbor programs as required by” the COPPA

Rule. Compl. ¶ 5; Def.’s Mot., Ex. A, ECF No. 6-1. The FTC’s FOIA Unit then located six annual

reports—one from each approved safe harbor program2—along with two supplemental reports

submitted by the safe harbor program TRUSTe. Def.’s Mot., Ex. I, Decl. of Jonathan William

Hill, ECF No. 6-2 [hereinafter Hill Decl.], ¶ 9. The responsive documents totaled eighty-eight

pages. Def.’s Facts ¶ 9; Hill Decl. ¶ 9. The FOIA Unit determined that the reports contained

“varying amounts of confidential commercial information and voluntary disclosures exceeding the

annual reporting requirements,” Def.’s Facts ¶ 10, and accordingly began the redaction process,

id. ¶ 11.

         As a part of the redaction process, the FTC informed all six programs in September 2014

that their annual reports were subject to FOIA disclosure, and requested that each program

comment on a preliminary set of proposed redactions to its respective report. Stearns Decl. ¶¶ 8,



1
  Some of the exhibits to Defendant’s Motion for Summary Judgment contain multiple documents. As a result, the
court refers to the ECF page number of the specific cited document.
2
  Although there are currently seven FTC-approved safe harbor programs, Plaintiff requested annual reports from only
six programs because the seventh, iKeepSafe, did not gain approval until after the 2014 reporting period had closed
and, therefore, it had not filed an annual report responsive to Plaintiff’s FOIA request. Compl. ¶ 5; Def.’s Facts ¶ 7.
                                                          7
27; Def.’s Mot., Ex. D, ECF No. 6-1. Four safe harbor programs responded to the FTC’s request.

Stearns Decl. ¶ 9. In addition, the FOIA Unit consulted with FTC economic and legal experts

about potential redactions. Id.; Def.’s Facts ¶ 13. Based upon the comments and consultations,

the FOIA Unit modified its initial redactions and sent advance copies of the annual reports, with

finalized redactions, to each safe harbor program in January 2015. Def.’s Facts ¶¶ 14-15; Def.’s

Mot., Exs. E-F, ECF No. 6-1 (letter to PRIVO and proposed redacted annual report). By February

25, 2015, the FOIA Unit had produced to Plaintiff all six safe harbor programs’ annual reports.

Def.’s Facts ¶¶ 16-19; Def.’s Mot., Ex. G, ECF No. 6-1; Def’s Mot., Ex. H, ECF No. 6-2. All told,

the FTC’s response consisted of 88 pages—two pages in full, 36 pages with redactions, and

50 fully-withheld pages. Pl.’s Mot. at 5; Stearns Decl. ¶ 13.

       B.      Procedural History

       On December 11, 2014, Plaintiff filed suit in this court under FOIA, challenging the FTC’s

decision to withhold and redact certain pages of the annual reports. Plaintiff requested that the

court order Defendant to “process immediately the requested records in their entirety” and

“disclose the requested records in their entirety” to Plaintiff. Compl., ECF No. 1. On March 23,

2015, Defendant filed a Motion for Summary Judgment. See generally Def.’s Mot. In that motion,

Defendant identified eight categories of information it asserted were exempt from disclosure:

(1) nonpublic interpretations and analyses of the COPPA Rule; (2) self-regulatory assessments not

required by the COPPA Rule; (3) business development plans; (4) compliance oversight tools and

logistics; (5) membership statistics and market shares; (6) member correspondence regarding

compliance issues; (7) remediation and disciplinary rates; and (8) the identity of members subject

to discipline. Def’s Mot. at 5-6. These categories of information, the FTC argued, were properly



                                                8
withheld pursuant to Exemptions 3 and 4 of FOIA, 5 U.S.C. § 552(b), and Section 6(f) of the

Federal Trade Commission Act, 15 U.S.C. § 46(f).

       Plaintiff filed a Cross-Motion for Summary Judgment on May 20, 2015. See generally

Pl.’s Mot. In it, Plaintiff “narrow[ed] its challenge to [Defendant’s] handling of its FOIA request”

by not contesting the withholdings as to five categories of information. Id. at 6. Still, Plaintiff

maintained its challenge as to three categories of withheld information: (1) interpretations and

analyses of the COPPA Rule; (2) membership statistics and market shares; and (3) remediation

and disciplinary rates. Pl.’s Mot. at 6. Plaintiff argued that the information falling under those

categories was improperly withheld and must be disclosed under FOIA. Pl.’s Mot. at 6, 22.

Defendant’s and Plaintiff’s motions thus focus on whether those three categories of information

are exempt from disclosure under FOIA.

III.   LEGAL STANDARDS

       A.      Standard for Motion for Summary Judgment

       A court shall grant summary judgment “if the movant shows that there is no genuine

dispute as to any material fact and the movant is entitled to judgment as a matter of law.” Fed. R.

Civ. P. 56(a). To make this determination, the court must “view the facts and draw reasonable

inferences in the light most favorable to the [non-moving] party.” Scott v. Harris, 550 U.S. 372,

378 (2007) (citations and internal quotation marks omitted). A dispute is “genuine” only if a

reasonable fact-finder could find for the nonmoving party, and a fact is “material” only if it is

capable of affecting the outcome of litigation. Anderson v. Liberty Lobby, 477 U.S. 242, 248

(1986). A non-material factual dispute must not prevent the court from granting summary

judgment. See id. at 248-50.



                                                 9
       Most FOIA cases are appropriately decided on motions for summary judgment.

See Defenders of Wildlife v. U.S. Border Patrol, 623 F. Supp. 2d 83, 87 (D.D.C. 2009). A court

may award summary judgment in a FOIA case by relying on the information included in the

agency’s affidavits or declarations if they are “relatively detailed and non-conclusory,” SafeCard

Servs., Inc. v. SEC, 926 F.2d 1197, 1200 (D.C. Cir. 1991) (citations and internal quotation marks

omitted), and describe “the documents and the justifications for nondisclosure with reasonably

specific detail, demonstrate that the information withheld logically falls within the claimed

exemption, and are not controverted by either contrary evidence in the record nor by evidence of

agency bad faith,” Military Audit Project v. Casey, 656 F.2d 724, 738 (D.C. Cir. 1981).

       It is the government agency’s burden to prove that it has complied with its obligations

under FOIA. DOJ v. Tax Analysts, 492 U.S. 136, 142 n.3 (1989). To prevail on a motion for

summary judgment, the agency must demonstrate that “each document that falls within the class

requested either has been produced, is unidentifiable, or is wholly exempt from the Act’s

inspection requirements.” Goland v. CIA, 607 F.2d 339, 352 (D.C. Cir. 1978); see also Students

Against Genocide v. Dep’t of State, 257 F.3d 828, 833 (D.C. Cir. 2001). “Unlike the review of

other agency action that must be upheld if supported by substantial evidence and not arbitrary or

capricious, the FOIA expressly places the burden ‘on the agency to sustain its action’ and directs

the district courts to ‘determine the matter de novo.’” DOJ v. Reporters Comm. for Freedom of

Press, 489 U.S. 749, 755 (1989) (quoting 5 U.S.C. § 552(a)(4)(B)).

       B.      Applicable Exemption Legal Standards

       Defendant argues that the three disputed categories of information were properly withheld

under (1) the combination of FOIA Exemption 3 and Section 6(f) of the Federal Trade Commission



                                               10
Act (“FTC Act”) and (2) FOIA Exemption 4. Def.’s Mot. at 13-14. The applicable legal standards

as to each is set forth below.

                1.      FOIA Exemption 3 and the FTC Act

        FOIA Exemption 3 permits an agency to withhold information that is

        specifically exempted from disclosure by statute . . . [if] that statute (A) (i) requires
        that the matters be withheld from the public in such a manner as to leave no
        discretion on the issue; or (ii) establishes particular criteria for withholding or refers
        to particular types of matters to be withheld.

5 U.S.C. § 552(b)(3). “When analyzing whether the defendant is entitled to invoke Exemption 3,

the court need not examine the detailed factual contents of specific documents withheld; rather,

the sole issue for decision is the existence of a relevant statute and the inclusion of withheld

material within the statute’s coverage.” James Madison Project v. C.I.A., 607 F. Supp. 2d 109,

126 (D.D.C. 2009) (internal quotation marks omitted).

        Here, the relevant statute invoked is Section 6(f) of the FTC Act. Section 6(f) prohibits the

FTC from “mak[ing] public any trade secret or any commercial or financial information which is

obtained from any person and which is privileged or confidential.” 15 U.S.C. § 46(f). Because

Section 6(f) of the FTC Act mandates the withholding of certain information, FOIA Exemption 3

also protects against its disclosure. Thus, Section 6(f) and Exemption 3 operate in tandem in this

case.

                2.      FOIA Exemption 4

        The application of Section 6(f) and Exemption 3 depends, in turn, on the standards for

withholding under FOIA Exemption 4. That is because Section 6(f) largely parrots the text of

FOIA Exemption 4. Where Section 6(f) prohibits “mak[ing] public any trade secret or any

commercial or financial information which is obtained from any person and which is privileged or

confidential,” 15 U.S.C. § 46(f), FOIA Exemption 4 requires the withholding of information that
                                             11
qualifies as “trade secrets and commercial or financial information obtained from a person and

privileged or confidential.” 5 U.S.C. § 552(b)(4); Nat’l Parks & Conservation Ass’n v. Morton,

498 F.2d 765, 766 (D.C. Cir. 1974). By adopting such parallel text, Congress intended for

Section 6(f) “to remove any discretionary authority that the Commission has to make public any

information which is exempt from disclosure under the Fourth Exemption of the Freedom of

Information Act.” H.R. Rep. No. 96-917, at 28 (1980) (Conf. Rep.), as reprinted in 1980

U.S.C.C.A.N. 1143, 1144. As a result, FOIA Exemption 3 and Section 6(f) of the FTC Act are

“coextensive” with FOIA Exemption 4. Doherty v. F.T.C., 1981 WL 2094, at *2 (D.D.C. June 24,

1981). Exemption 4’s legal standards, therefore, are controlling in this case.

       The Court of Appeals has observed that Exemption 4 contains two threshold requirements:

the information must be (1) “obtained from a person” and (2) “commercial or financial.”

See Wash. Post Co. v. Dep’t of Health and Human Servs., 690 F.2d 252, 266 (D.C. 1982)

[hereinafter Wash. Post. Co. I]. If these threshold requirements are met, the court then must

determine if the information is “privileged or confidential.” Id. Here, there is no dispute that the

information at issue was both (1) obtained from a person and (2) commercial. See generally Pl.’s

Mot. The parties, however, join issue over whether the three contested categories of information

contained in the annual reports were “confidential.”

       Our Court of Appeals has developed two tests to determine whether information is

confidential under Exemption 4. Which test applies depends on the manner in which the

government agency obtained the information at issue. When an agency receives the sought-after

information by way of a mandatory disclosure, the information is considered confidential for

purposes of FOIA Exemption 4 if disclosure is likely (1) to impair the agency’s ability to obtain

the information in the future or (2) to cause substantial harm to the competitive position of the

                                                12
source of the information. Nat’l Parks, 498 F.2d at 770. The inquiry is an objective one.

See Wash. Post Co. I., 690 F.2d at 268.

        A different test applies when an agency receives information by way of a voluntary

disclosure. In that case, the information is confidential for purposes of Exemption 4 if it is “of a

kind that would customarily not be released to the public by the person from whom it was

obtained.” Critical Mass Energy Project v. Nuclear Regulatory Comm’n, 975 F.2d 871, 879 (D.C.

Cir. 1992).

        Here, the parties agree that the National Parks mandatory-disclosure test applies, because

the safe harbor programs submitted the contested information pursuant to the FTC’s annual report

filing rule.3 See Def.’s Mot. at 19-20, 25-26, 28-30; Def.’s Reply in Support of its Mot. for Summ.

J. and Opp’n to Pl.’s Cross-Motion for Partial Summ. J., ECF No. 12 [hereinafter Def.’s Reply],

at 3 n.1 (conceding that “[s]ince the disputed information was part of mandatory disclosures,

National Parks is the governing test”); Pl.’s Mot. at 10. Thus, the information withheld from the

safe harbor programs’ annual reports is confidential for purposes of Exemption 4 if its disclosure

likely would impair the government’s ability to gather information, Wash. Post Co. v. Dep’t of

Health and Human Servs., 865 F.2d 320, 326 (D.C. Cir. 1989) [hereinafter Wash. Post Co. II], or

would cause “substantial harm to the competitive position” of the program from which the

information was obtained, Pub. Citizen Health Research Grp. v. FDA, 704 F.2d 1280, 1290-91

(D.C. Cir. 1983) [hereinafter Pub. Citizen I].



3
  Although Defendant notes that for voluntary disclosures, the Court of Appeals has stated that the more relaxed
standard set out in Critical Mass applies, see Def.’s Mot. at 19, Defendant does not argue that the Critical Mass
standard applies to any of the contested categories of information. Nor does either party conduct an analysis under
Critical Mass to determine whether the contested information was properly withheld. Thus, the court assumes that
the mandatory-disclosure test applies and conducts its analysis—as the parties do—using the test set out in National
Parks.

                                                        13
       Because Defendant invokes both prongs of the National Parks test to justify its

withholdings in this case, the court addresses each in more detail below.

                               a.      The government’s ability to gather information

       Whether the disclosure of information is likely to impair the government’s ability to gather

information—the first National Parks prong—involves a “rough balancing of the extent of the

impairment and the importance of the information against the public interest in disclosure.” Wash.

Post Co. I, 690 F.2d at 269. The potential for impairment in gathering information is not limited

to the question whether an agency has power to compel disclosure in the future. Id. at 268 (stating

“whether disclosure is mandatory is certainly a factor in deciding whether the government’s access

to information is likely to be impaired” (emphasis added)). Rather, it encompasses the possibility

that suppliers of information, as a consequence of public disclosure, will narrowly construe the

government’s requests and thereby seriously impair the government’s information-gathering

ability. See id. at 269; Wash. Post Co. II, 865 F.2d at 325 (framing the question as “whether public

disclosure would cause individuals to so narrowly construe the requests for information . . . that

the government’s information-gathering ability would be seriously impaired”). “Thus, when

dealing with a FOIA request for information the provider is required to supply, the governmental

impact inquiry will focus on the possible effect of disclosure on [the] quality [of the information].”

Critical Mass Energy Project, 975 F.2d at 878.

       But, as with other FOIA exemptions, Exemption 4 is to be read narrowly in light of FOIA’s

“dominant disclosure motif.” Wash. Post Co. II, 865 F.2d at 324. Consequently, “minor

disadvantages flowing from disclosure cannot overcome the disclosure mandate of FOIA.” Id. at

327 (citation omitted) (internal quotation marks omitted). In the end, information that should be



                                                 14
supplied under FOIA “will be withheld only when the affirmative interests in disclosure on the

one side are outweighed by the factors . . . militating against disclosure on the other.” Id.

                               b.      Harm to information supplier’s competitive position

         With respect to the second prong of the National Parks test—whether disclosure likely

would cause substantial harm to the competitive position of the person who supplied the

information—the court “need not conduct a sophisticated economic analysis of the likely effects

of disclosure” to decide if substantial competitive harm would occur. Pub. Citizen I, 704 F.2d at

1291 (citation omitted). An agency, of course, must offer more than a conclusory and generalized

allegation of substantial harm to support its withholding of information. See id. It need not,

however, “show actual competitive harm.” Id. Rather, “evidence revealing actual competition

and the likelihood of substantial competitive injury is sufficient to bring commercial information

within the realm of confidentiality.” Id. (citation omitted) (internal quotation marks omitted);

see also McDonnell Douglas Corp. v. U.S. Dep’t of the Air Force, 375 F.3d 1182, 1187 (D.C. Cir.

2004) (stating that parties do not have to “prove disclosure certainly would cause it substantial

competitive harm, but only that disclosure would ‘likely’ do so”).

IV.      DISCUSSION

         The court now turns to the three contested categories of information and analyzes whether

each is confidential, and thus properly withheld by Defendant, under the test set forth in National

Parks.

         A.     Non-Public Analyses of the COPPA Rule

         Annual reports must contain an “aggregated summary” of a safe harbor program’s

independent assessment of its members’ compliance with the program’s guidelines. 16 C.F.R.

§ 312.11(d)(1). Three of the programs—CARU, ESRB, and kidSAFE—supplied that information

                                                 15
in a chart, “listing the compliance issues detected by the programs and the number of members

associated with those issues.” Def.’s Mot. at 19 (citing Parsons Decl. ¶ 19). The kidSAFE report

also included a separate chart with its analysis of the different types of consumer complaints it

received. Def.’s Mot., Ex. G, ECF No. 6-1. Although Defendant produced portions of each chart

to the extent “they contained straightforward recitations or discussions of the COPPA Rule,” it

withheld “portions of the charts reflecting the safe harbor programs’ unique, nonpublic analyses

of how the [COPPA] Rule should be implemented in various settings.” Parsons Decl. ¶ 19.

Plaintiff challenges the idea that the programs’ interpretations and analyses of the COPPA Rule

are confidential and subject to Exemption 4. Pl.’s Mot. at 11-13.

       In support of these redactions, Defendant primarily argues that the safe harbor programs’

analyses “are confidential because their release would subject the safe harbor programs that

developed them to substantial competitive injury.” Def.’s Mot. at 20. It also argues that disclosure

of these analyses “would likely impair the agency’s ability to obtain necessary information in the

future.” Id. The court considers each of these justifications in turn.

               1.      Disclosure Likely Would Cause Substantial Competitive Injury

       Defendant offers three declarations to support its claim that disclosure of the programs’

non-public analyses of the COPPA Rule likely would cause substantial competitive injury. The

primary declaration comes from Kandi Parsons, an FTC lawyer responsible for implementing

COPPA and who has knowledge of the industry and the approved programs. Parsons Decl. ¶ 2.

Parsons attested that “COPPA safe harbor programs make nuanced determinations of how the Rule

should apply to diverse business models in a rapidly evolving technological marketplace. . . . If

rivals could obtain these analyses [of COPPA], they could use them to improve their own oversight

functions and compliance advice, thereby diverting business from the programs that developed the

                                                 16
analyses.” Id. ¶ 19. According to Parsons, she consulted with the FTC’s Bureau of Economists

“to verify our understanding of what information should be considered confidential in this

competitive, evolving marketplace.” Id. ¶ 16.

       Defendant also relies on declarations filed by executives from two safe harbor programs—

ESRB and kidSAFE. Dona Fraser, Vice President of ESRB Privacy Certified, attested that her

company offers a safe harbor program “that provides a workable and user-friendly compliance

solution for its member companies.” Def.’s Mot., Ex. L, Declaration of Dona J. Fraser (ESRB),

ECF No. 6-2 [hereinafter Fraser Decl.], ¶ 4. Furthermore, according to Fraser, her company’s

program has “defined and developed ‘Compliance Issues’ that differ substantially from the more

complex formulation available in the COPPA Rule and, in many instances, has exceeded the

COPPA Rule requirements.” Id. Fraser attested that this is the kind of information that ESRB

“would not customarily disclose to the public.” Id. ¶ 6. kidSAFE’s founder and President, Shai

Samet, similarly stated that “any information pertaining to [kidSAFE’s] compliance enforcement

activities, including any legal analysis” is deemed confidential by kidSAFE. Def.’s Mot., Ex. O,

Declaration of Shai Samet (kidSAFE), ECF No. 6-2 [hereinafter Samet Decl.], ¶ 6(f).

       Plaintiff, for its part, does not dispute any of the evidence offered by Defendant or offer

any contrary evidence of its own. As a result, Defendant’s evidence of competitive harm, such as

it is, stands unrebutted; therefore, this record presents no genuine dispute about an issue of material

fact. The sole remaining question then is whether Defendant has carried its burden of proving that

the withheld information is exempt from disclosure. See Pub. Citizen Health Research Grp. v.

FDA, 185 F.3d 898, 904 (D.C. Cir. 1999) [hereinafter Public Citizen II].

       Plaintiff, at least initially, does not argue that Defendant has failed to meet its evidentiary

burden. Instead, Plaintiff argues that “the FTC’s theory of competitive harm directly contradicts

                                                  17
the agency’s goals of ensuring COPPA compliance.” Pl.’s Mot. at 11. Plaintiff contends that

“public access to this information would actually improve” the quality of the safe harbor programs

because it would lead to more robust enforcement. Id. at 11-12. Essentially, Plaintiff contends

that if one safe harbor program’s interpretation of the COPPA Rule leads to better compliance or

more effective enforcement, other programs could emulate that success if the interpretation of the

Rule were public. Id. Plaintiff also argues that maintaining confidentiality over safe harbor

programs’ analyses of the COPPA Rule amounts to encouraging the development of “secret law.”

Id. at 12. Lastly, Plaintiff suggests that Congress “intended that safe harbor providers enforce the

law in public and that the process be open” and that “COPPA enforcement should be transparent.”

Id.

         None of those arguments is well taken. In a nutshell, Plaintiff’s central argument is that it

would be good policy to release these withheld legal analyses because, if they were public, safe

harbor programs could use their competitors’ analysis of the COPPA Rule to improve their own

enforcement of COPPA, thereby promoting overall effectiveness and transparency in enforcement.

Yet, as Defendant rightly contends,4 the law does not allow this sort of “consequentialist”

argument to defeat the otherwise proper withholding of information under Exemption 4. Pub.

Citizen II, 185 F.3d at 904.

         In Public Citizen II, the plaintiff argued for disclosure of certain information because

“disclosure would prevent other drug companies” from making the same mistakes one drug

company had which would “thereby avoid[] risk to human health.” Id. at 903. The court rejected



4
  Plaintiff asserts that Defendant “mischaracterizes” its argument “as asking the court to balance the public benefits of
disclosing the information against the competitive harm that might result.” Pl.’s Mot., at 3. The court disagrees. Even
if Plaintiff did not expressly ask the court to “balance” the public benefit, it certainly rooted its argument in the
purported collateral public benefits that disclosure would bring to enforcement of the COPPA Rule.

                                                          18
that argument, holding that it was not “open to [the plaintiff] . . . to bolster the case for disclosure

by claiming an additional public benefit in that, if the information is disclosed, then other drug

companies will not conduct risk clinical trials.” Id. at 904. The public interest under FOIA, the

Court of Appeals observed, is rooted in discovering what “the government is up to,” not “any

collateral benefits of disclosure.” Id. So it is here. Plaintiff’s argument that the COPPA Rule

would function better if safe harbor programs’ interpretation of the Rule were made public does

not bolster the case for disclosure. Indeed, the impact that public disclosure would have on the

efficacy of the COPPA Rule is irrelevant.

       In its reply brief, Plaintiff takes a different tack. Invoking the language of evidentiary

burdens, Plaintiff contends that Defendant’s justification for the withholdings is “insufficient”

because the safe harbor programs’ “publicly disclosed guidelines already contain [their] unique

legal analyses of the COPPA Rule that competitors can incorporate into their own safe harbor

programs.” Pl.’s Reply in Support of its Cross-Motion for Partial Summ. J., ECF No. 13

[hereinafter Pl.’s Reply], at 4. Plaintiff cites 16 C.F.R. § 312.11(c), which sets forth what a

proposed safe harbor program must include in its application for approval. For instance, a

proposed program must include a “copy of the full text of the guidelines for which approval is

sought and any accompanying commentary.” Id. § 312.11(c)(2). From this, Plaintiff seems to

argue that the disclosure of the withheld COPPA Rule analyses cannot cause “substantial harm”

to the safe harbor programs because much of what they consider unique about their approaches to

COPPA interpretation and enforcement is already public. Pl.’s Reply at 5 (arguing “the public

availability of the self-regulatory guidelines undercuts the FTC’s contention that a few safe harbor

providers’ legal analyses are secret and must be withheld to avoid competitive harm”).



                                                  19
        This argument suffers from two fatal flaws. First, it comes too late. “[I]t is a well-settled

prudential doctrine that courts generally will not entertain new arguments first raised in a reply

brief.” Benton v. Laborers’ Joint Training Fund, 121 F. Supp. 3d 41, 51 (D.D.C. 2015) (citation

and internal quotation marks omitted); see also McBride v. Merrell Dow & Pharm., 800 F.2d 1208,

1211 (D.C. Cir. 1986) (“Considering an argument advanced for the first time in a reply brief . . .

is not only unfair . . . , but also entails the risk of an improvident or ill-advised opinion on the legal

issues tendered.” (citation omitted)).      Second, Plaintiff’s belated argument does not defeat

Defendant’s contention that the programs would suffer a competitive disadvantage from the

disclosure of “unique, nonpublic analyses of how the [COPPA] Rule should be implemented in

various settings . . . in a rapidly evolving technological marketplace.” Parsons Decl. ¶ 19

(emphasis added). The fact that the safe harbor programs’ guidelines and commentary are public

does not divest a company’s specific application of those guidelines of commercial value. In a

marketplace where companies compete—as even Plaintiff concedes—on the basis of, among other

things, “compliance advice” and “fairness and diligence when resolving compliance issues,”

Def.’s Facts ¶ 4; Pl.’s Facts ¶ 1, how a company interprets the COPPA Rule in a specific setting

may well give it a competitive advantage.

        The court returns then to the ultimate question on summary judgment: Has Defendant

carried its burden of proving that the disclosure of the safe harbor programs’ nonpublic analyses

of the COPPA rule is likely to cause substantial harm to their competitive positions? The court

finds that it has. Defendant has shown both “actual competition” among the safe harbor programs,

Pub. Citizen I, 704 F.2d at 1291 (citation omitted), and a likelihood of substantial competitive

injury if the programs’ analyses were to be disclosed, see id. Although Defendant’s evidence of

likely competitive harm does not rely on econometric modeling or similar analysis, such

                                                   20
sophisticated economic analysis is not required in this context. See id. (observing that “the court

need not conduct a sophisticated economic analysis of the likely effects of disclosure”).

Defendant’s in-house expert on the COPPA Rule and the safe harbor program marketplace, in

consultation with agency economists, has predicted, without contradiction, that if the rivals of

CARU, ESRB, and kidSAFE could obtain those three programs’ nonpublic analyses of the COPPA

Rule, the rivals could improve their oversight functions and compliance advice, thereby causing

CARU, ESRB, and kidSAFE to become competitively disadvantaged. See Pub. Citizen II, 185

F.3d at 905. Two safe harbor program representatives have said, under oath, that they have the

same competitive concerns. Such evidence, taken together, is sufficient to meet the agency’s

burden under Exemption 4.

                 2.       Disclosure Likely Would Impair the Agency’s Ability to Gather Information

        The court also agrees with Defendant that the programs’ non-public analyses are

confidential for purposes of Exemption 4 because disclosure of that information likely would

impair the FTC’s ability to obtain such information in the future.

        It is important to put the annual report filing requirement in some context. Although

Congress directed the FTC to adopt regulations to implement COPPA, 15 U.S.C. § 6501(b), it

vested primary responsibility for monitoring and enforcing operators’ compliance with the COPPA

Rule with the safe harbor programs, not the FTC,5 id. § 6503(a) (“[A]n operator may satisfy the

requirements of regulations . . . by following a set of self-regulatory guidelines, issued by

[approved] representatives of marketing or online industries, or by other [approved] persons[.]”).

Congress did not require website and online services operators to submit reports to the FTC about



5
  Although primary responsibility for enforcement lies with the safe harbor programs, COPPA does grant the FTC and
the States the authority to bring civil actions to enforce the FTC’s regulations. See 15 U.S.C. §§ 6504(a), (d).

                                                       21
their compliance efforts; nor did it mandate any regular reporting from the safe harbor programs.

It was the FTC who created a public reporting mechanism by developing and adopting the annual

filing requirement. See Children’s Online Privacy Protection Rule, Final Rule Amendments,

78 Fed. Reg. 3,972, 3,995-3,996 (Jan. 17, 2013). Furthermore, the primary purpose of the annual

reporting rule was to enable the FTC to gather information. The FTC viewed the annual report as

a way to stay “apprised of key information about the safe harbors’ programs and membership

oversight” and “the emergence of new feasible parental consent mechanisms for operators.” Id. at

4002.

        Although the annual reporting rule’s primary function is information-gathering, the FTC

has largely left it up to the safe harbor programs to decide how much information to actually

disclose.   The programs have such autonomy for three main reasons.          First, the scope of

information sought by the annual reporting rule is quite modest. Annual reports must contain only

three categories of information: (1) “an aggregated summary of the results” of the program’s

compliance assessments; (2) “a description of any disciplinary action taken” against a program’s

customer; and (3) a description of the program’s approval of any new methods for online services

to obtain verifiable parental consent, even if such method is not specified in the COPPA Rule.

16 C.F.R. § 312.11(d)(1); Parsons Decl. ¶ 12. Given the rule’s limited mandatory disclosures, the

FTC has relied on voluntary disclosures to acquire more information. So, for instance, when the

FTC sent reminders about the reporting requirement to the safe harbor programs, it also asked the

companies to voluntarily disclose additional information about consumer complaints and response

to such complaints, as well as other information. See Parsons Decl. ¶ 12 & Ex. J2.

        Second, the text of the annual filing rule leaves plenty of room for interpretation. For

example, the key term “aggregated summary” is nowhere defined, thus allowing safe harbor

                                               22
programs ample opportunity to narrowly construe that reporting requirement. See Wash. Post Co.

I, 690 F.2d at 268-69 (observing that where a disclosure requirement “leaves room for

interpretation” the reporter may construe the “requirement narrowly” and exclude responsive

information). That the programs, in fact, did so here is amply demonstrated on this record.

See Parsons Decl. ¶ 15 (“[T]he 2014 safe harbor reports varied widely in their depth and breadth

and in the types of information they provided beyond the bare legal requirements.”). Some of

them—such as kidSAFE—submitted multi-page, detailed reports containing the requested

information. Def.’s Mot., Ex. G at 63. Others—such as CARU—submitted only short letters

containing terse entries corresponding to the requested information. Id. at 58.

       Finally, it is reasonable to conclude that the prospect of public disclosure provides a

disincentive to safe harbor programs to provide information to the FTC. The FTC’s counsel, Kandi

Parsons, attested that two safe harbor representatives have said that they “would like to give the

FTC additional information in their annual reports [but] they are concerned that this will reveal

their confidential information to the public and subject them to a competitive disadvantage.”

Parsons Decl. ¶ 15. Additionally, a number of the safe harbor program affiants attested that some

of the information included in the annual report was not the kind of information they ordinarily

would make public. See, e.g., Fraser Decl. ¶ 6; Samet Decl. ¶ 8. Thus, it is not difficult to fathom

that, in the future, in order to avoid public disclosure of information that they consider proprietary

or confidential, safe harbor programs would reduce the amount and kind of information that they

provide to the FTC.

       Against this backdrop, the court has little trouble finding that the disclosure of the safe

harbor programs’ nonpublic analyses and interpretation of the COPPA Rule would make it more

difficult for the FTC to obtain such information in the future. The three safe harbor programs

                                                 23
disclosed their nonpublic analyses as part of their respective “aggregated summary” of their

compliance assessments. If such analyses from the 2014 annual reports were publicly disclosed,

it is easy to envision that no safe harbor program would supply such information in future filings,

thereby depriving the FTC of important and useful information. The agency’s significant interest

in encouraging safe harbor programs to supply such analyses, and like information, in future filings

thus weighs against public disclosure.

       Plaintiff argues that Defendant’s impairment argument is “illogical” because the agency

simply could modify its rules to compel disclosure. Pl.’s Reply at 5 (“Because the agency has

ample authority to compel the disclosure of the withheld records, releasing those records would

not impair its ability to obtain similar information in the future.”). But that argument proves too

much. True, the FTC theoretically could amend its regulations, after notice and comment, to

demand specific disclosures. But the construct envisioned by Plaintiff would create a game of “cat

and mouse” in which the agency is regularly modifying the disclosure requirements to capture the

information private parties are reluctant to disclose. The inefficiencies inherent in such a process

would impair the FTC’s information-gathering ability.

       Finally, the required “rough balancing” of the countervailing public interest in disclosure

does not tip the balance in Plaintiff’s favor. As discussed above, Congress set up a largely self-

regulating marketplace, driven by industry standard-setting, to promote compliance with COPPA.

No doubt Congress knew that information from private enterprises would be more difficult for the

public to obtain under FOIA. But that is the balance it struck. Moreover, the public interest in the

information Plaintiff seeks is less weighty here because it will not achieve the central purpose of

FOIA, which is to inform citizens about “what the[] government is up to.” DOJ v. Reporters

Comm. for Freedom of Press, 489 U.S. 749, 773 (1989). The nonpublic analyses, if revealed, at

                                                24
most would disclose the inner workings of private safe harbor programs. It would tell the public

little, if anything, about how the FTC itself operates. Accordingly, the court concludes that the

safe harbor programs’ non-public analyses of the COPPA Rule was properly withheld under FOIA

Exemption 4.

       B.      Membership Statistics and Market Shares of the Safe Harbor Programs

       Next, Plaintiff seeks disclosure of the number of members, annual changes in membership,

and market shares of each safe harbor program. Defendant asserts that this information was

properly withheld under Exemption 4—specifically, under the second prong of the National Parks

test. Defendant argues that disclosure of this information could cause competitive injury because

“[l]arge firms could use this membership data when trying to recruit members of smaller

competitors, by asserting that those competitors have a lesser market share or are losing business,

and ostensibly have less credibility as a result.” Parsons Decl. ¶ 18. Record evidence shows that

the safe harbor programs themselves consider this information to be confidential. See, e.g., Fraser

Decl. ¶ 6 (“The number of members is kept confidential due to the high level of competition

amongst the Safe Harbors; membership retention is essential to EPC’s sustainability.”); Samet

Decl. ¶ 6(c) (explaining that kidSAFE considers confidential “any information or statistics

regarding the number of members seeking COPPA certification under KSP’s Safe Harbor

program, including the number of participants whose data is included in the 2014 KSP Report[.]”);

Def.’s Mot., Ex. Q, Declaration of Denise G. Tayloe (PRIVO), ECF No. 6-2 [hereinafter Tayloe

Decl.] ¶ 4(a)-(b) (explaining that, in order to protect against “competitive damage,” PRIVO keeps

confidential “the total number of entities and online properties that are members of the PRIVO

self-regulatory program” and “any information indicating a change in the number of members in

the program over any period of time”). Defendant also argues that combining safe harbor

                                                25
programs’ membership data with disclosed data about compliance incidents would allow

competitors to determine the percentage of members that were subjected to discipline or

remediation. Parsons Decl. ¶¶ 18, 24.

       Plaintiff counters that the safe harbor programs’ membership statistics cannot be

confidential as they are either publicly available or easily discoverable. Pl.’s Mot. at 14. Plaintiff

points out that some programs state the number of members on their website. And because

individual members display a safe harbor program’s seal on their own websites, competing

programs can conduct an online search to “learn whether a particular website is affiliated with a

different program and solicit them accordingly.” Id. at 14-15. Furthermore, Plaintiff argues that

any suggestion that competitors can combine membership statistics with other data to deduce

remediation rates is “speculative and unsupported,” largely because much of the information at

issue is already public. Id. at 15.

       The court finds that market shares and membership information constitute “sensitive” and

“non-public” information that is “precisely the kind of information that other courts have found to

be protected under Exemption 4’s commercial-information privilege.” STS Energy Partners LP

v. Fed. Energy Regulatory Comm’n, 82 F. Supp. 3d 323, 330 (D.D.C. 2015). Again, Defendant

need only show “actual competition” and “the likelihood of substantial competitive injury”—

rather than actual competitive harm—to bring commercial information under the cover of

confidentiality. Pub. Citizen I, 704 F.2d at 1291. The court finds persuasive Defendant’s concern

that, if each safe harbor program’s share of the market became public, competitors could (1) use

that information to poach customers from smaller programs; and (2) combine it with mandatorily-

disclosed disciplinary information to tabulate safe harbor programs’ rates of discipline, a fact that

could easily be used to sway customers wary of facing remediation. See e.g., Parsons Decl. ¶ 18;

                                                 26
Samet Decl. ¶ 6(c). The lack of any evidence from Plaintiff rebutting these concerns only bolsters

the court’s finding.

       Plaintiff’s argument that the information at issue here is already public because certain safe

harbor programs make representations about how many customers they have, and because certain

customers display seals of the safe harbor program they use on their websites, is unavailing. While

it is true that the government cannot withhold information under FOIA that already is in the public

domain, Afshar v. Dep’t of State, 702 F.2d 1125, 1130-34 (D.C. Cir. 1983), it is not enough that

“the same general type” of information is public, Customs & Int'l Trade Newsletter v. U.S. Customs

& Border Prot., 588 F. Supp. 2d 51, 58 (D.D.C. 2008). Rather, the information sought through

FOIA must be “identical” to the information already public. Id.

       Here, Defendant has shown persuasively that the information withheld from the annual

reports is different than that found in the public sphere. Def.’s Reply at 9-11. And if a competitor

is able to easily acquire valuable information about a competitor through FOIA, “rather than the

considerable costs of private reproduction, they may be getting quite a bargain,” which could have

“competitive consequences not contemplated as part of FOIA’s principal aim of promoting

openness in government.” Worthington Compressors, Inc. v. Costle, 662 F.2d 45, 51 (D.C. Cir.

1981). That concern exists in this case: Plaintiff is of course free to count every website that uses

a certain safe harbor program’s seal, but disclosing specific membership and market share

information through FOIA could lead to competitive harm for the safe harbor programs.

       Plaintiff also contends that Defendant’s argument that membership rates and market shares

are confidential because they could be combined with the number of disciplinary actions taken to

compute rates of discipline is “speculative.” Pl.’s Mot. at 15. This is, by definition, at least partly

true, as at issue in this lawsuit is the first round of annual reports required by the FTC, meaning

                                                  27
that the results of disclosure have not yet been tested. Yet the test to show substantial economic

harm does not require absolute certainty, as Defendant must only show that such harm is “likely.”

McDonnell Douglas Corp., 375 F.3d at 1187. Through persuasive affidavits from both FTC

employees and representatives of the safe harbor programs, Defendant has met its burden.

        In sum, Defendant has shown that information about safe harbor programs’ membership

statistics and market shares is protected from disclosure under FOIA Exemption 4.

        C.       Remediation and Disciplinary Rates

        The last contested category of withheld information is the rate of safe harbor programs’

members that were subject to remediation or discipline. One program, PRIVO, included data

revealing the percentage of its program members that required remedial action. Parsons Decl.

¶ 24. Defendant contends that if a safe harbor program’s rate of discipline were made public,

competitors could recruit members by asserting that a particular program is either too strict or too

lax with enforcement. Def.’s Mot. at 29. Additionally, Defendant argues that the disclosure of

rates of discipline would discourage safe harbor programs from including this type of information

in future annual reports. Id. at 28.6

        Plaintiff sees things differently. It argues that no competitive harm would be caused by the

disclosure of discipline rates because the safe harbor programs already have released the actual

number of members they have disciplined, including two safe harbor programs which disclosed




6
  Defendant additionally argues that discipline rates are confidential because “their disclosure could cripple the
effectiveness of the COPPA safe harbor program.” Id. Defendant suggests that information can be protected from
disclosure under FOIA not only based on the two National Parks factors, but also because of “other interests,” Wash.
Post Co. II, 865 F.2d at 327, including the possible “impairment of an agency’s ability to carry out its statutory
purpose,” Judicial Watch, Inc. v. Export-Import Bank, 108 F. Supp. 2d 19, 30 (D.D.C. 2000). The court, however,
does not reach this claimed “other interest” favoring non-disclosure, as the two main considerations weighing against
disclosure identified in National Parks—serious competitive harm and impairment of government information-
gathering—suffice in this case.
                                                        28
that they took no disciplinary actions against their members. Pl.’s Mot. at 18-19. Thus, Plaintiff

argues, competitors can already compute the discipline rates of certain safe harbor programs. Id.

Plaintiff also contends that, because safe harbor programs are required to disclose in their annual

reports any discipline or remediation they undertook against a member in the past year, 16 C.F.R.

§ 312.11(d)(1), there is no risk that the FTC will have trouble obtaining this information in the

future. Id. at 20.

        The court agrees with Defendant’s determination that the disclosure of discipline rates is

likely to cause substantial competitive harm because competitors could use that information to

convince potential customers that a rival is either too strict or too lenient. Parsons Decl. ¶ 24.

That concern is supported by the declaration from PRIVO’s CEO, Denise Tayloe, who states that

PRIVO does not disclose such information publicly because of “the competitive damage the public

availability of such information would have for PRIVO vis a vis other self-regulatory programs.”

Tayloe Decl. ¶ 4. Again, the relevant question is not whether such harm will occur; rather, it is

whether the harm is “likely” to occur. McDonnel Douglas Corp., 375 F.3d at 1187. Here, Plaintiff

has offered no evidence to contradict Defendant’s competitive concern. Based on the Parsons and

Tayloe declarations, the court finds that Defendant has carried its burden of showing the potential

for competitive harm.

        The court also concurs with Defendant’s assertion that disclosure of PRIVO’s remediation

rate would discourage other safe harbor programs, and PRIVO itself, from disclosing it in the

future. As already discussed, the annual filing rule provides safe harbor programs with wide

latitude in determining what information to supply as part of its “aggregated summary” of

compliance assessments. The disclosure of remediation rates, which the safe harbor programs

consider sensitive business information, likely would discourage them from supplying it in the

                                                29
future. The loss of such information would impair the FTC’s efforts to monitor how the safe harbor

programs are working. Parsons Decl. ¶¶ 9-10. Although the public may have an interest in

remediation rates, such information ultimately does not reveal what the “government is up to,” as

Congress made a policy decision to vest private enterprises with primary enforcement authority

over those subject to the COPPA Rule. The agency’s interest in avoiding impairment to its

information-gathering function thus outweighs the public’s interest in disclosure.

       D.      Segregability

       FOIA requires a government agency to disclose any “reasonably segregable” non-exempt

information. 5 U.S.C. § 552(b). It is the agency’s burden to show that it has done so. STS Energy

Partners LP, 82 F. Supp. 3d at 336. The agency must provide a “detailed justification” for the

non-segregability of all information that is not released, but does not need “to provide so much

detail that the exempt material would be effectively disclosed.” Johnson v. Exec. Office for U.S.

Attorneys, 310 F.3d 771, 776 (D.C. Cir. 2002) (citations omitted). Information that is “inextricably

intertwined” with exempt material need not be disclosed. 5 U.S.C. § 552(b).

       The court is satisfied that Defendant has shown that it produced all non-exempt information

to Plaintiff and only segregated and redacted that which it (rightly) believed to be exempt from

disclosure. Defendant prepared a comprehensive Vaughn index, describing each document or

portion withheld, the exemption under which it was withheld, and the justification for doing so.

See Def.’s Mot., Ex. J, Summary of Records Withheld in FOIA 2014-01098, ECF No. 6-2. In

addition, FTC attorney Stearns stated that she reviewed every document of the production “line

by-line” and determined that “all reasonably segregable portions of the relevant records” have been

produced to Plaintiff. Stearns Decl. ¶ 51. It also appears from the record that the FTC conducted

multiple reviews of the reports, which resulted in the production of previously-redacted

                                                30
information. Id. ¶¶ 36, 47. The combination of the Vaughn index, the detailed review and

redaction process employed by the FTC, and the sworn statements of an FTC attorney is sufficient

to fulfill the agency’s obligation to show with “reasonable specificity” why the documents in

question cannot be further segregated. See Exec. Office for U.S. Attorneys, 310 F.3d at 776.

V.     CONCLUSION

       For the reasons set forth above, Defendant’s Motion for Summary Judgment is granted and

Plaintiff’s Cross-Motion for Summary Judgment is denied. A separate order accompanies this

Memorandum Opinion.




Dated: June 1, 2016                                 Amit P. Mehta
                                                    United States District Judge




                                               31
