Facebook will submit to external audits of how well it guards users’ data under the terms of a settlement finalized Friday with US authorities concerned about privacy abuses.
The deal with the Federal Trade Commission (FTC) was announced in November and then subjected to a public comment period that recently ended.
“The settlement requires Facebook to take several steps to make sure it lives up to its promises in the future,” the FTC said in a release.
Those steps include giving users “clear and prominent notice and obtaining their express consent” before sharing their personal information, limits users can indicate in their privacy settings.
The Menlo Park, California-based social network will also have its privacy practices and programs audited every two years by an independent third party for the next two decades, according to the FTC.
The FTC said Facebook had promised to honor users’ privacy preferences and to stop making claims about the security of personal information — such as age, location and friends — that are untrue.
The deal settles three-year-old accusations that Facebook — which boasts some 900 million users — had allowed advertisers access to users’ personal data when users were told it was being kept private.
Facebook did not admit guilt and was not fined in the case, which arose from an investigation by privacy groups in December 2009 into claims it had deceived users when it changed its privacy settings.
The FTC said Facebook had deceived users in several ways: by promising it would not share personal data with advertisers and then doing so; saying that third party apps had limited access to personal data when they had full access; and making public data that users had asked to remain private.