Facebook will be required to get user consent for certain changes to privacy settings as part of a settlement of US federal charges that it deceived consumers and forced them to share more personal information than they intended.
The settlement with the US Federal Trade Commission (FTC) will also subject the company, which is reported to preparing a $US10 billion initial public offering, to 20 years of independent audits.
"I'm the first to admit that we've made a bunch of mistakes," co-founder Mark Zuckerberg wrote in a lengthy post on the company's official blog on Tuesday.
To ensure that Facebook did a better job, Zuckerberg said the company had created two new corporate privacy officer positions to oversee Facebook products and policy.
In its complaint, the FTC said that Facebook had repeatedly violated laws against deceptive and unfair practices. For example, it said Facebook promised users that it would not share personal information with advertisers, but it did.
Also, the company had failed to warn users that it was changing its website in December 2009 so that certain information that users had designated as private, such as their "Friends List", would be made public, the FTC said.
Chris Conley, policy attorney with the American Civil Liberties Union of Northern California said the settlement "makes it clear that companies can't simply change the rules without asking users' permission".
But he said that to keep pace with new technology, there was a need for new laws and tools.
"We shouldn't have to struggle with complicated and constantly shifting privacy settings just to keep control of our own personal information," Conley said.
Facebook, which has more than 800 million users, has often been criticised for its privacy practices since its founding in a Harvard dorm room in 2004.
Earlier this year, the company came under fire for practices related to its use of facial recognition technology to automatically identify people appearing in the photos that are shared on the service.
Ability to innovate
On a conference call with reporters on Tuesday, FTC officials said the settlement did not expressly cover the use of facial recognition technology.
They noted, however, that it was broadly crafted so that it would prevent Facebook from deceiving consumers going forward.
If Facebook is found to have violated any of the provisions of the settlement, the company is subject to fines of $US16,000 per day for each violation, FTC Chairman Jon Leibowitz said.
Sign up for Computerworld eNewsletters.