Facebook CEO Mark Zuckerberg has issued a statement confirming that the social network has agreed to settle with the FTC over charges that it has violated user privacy.
The Federal Trade Commission (FTC) claimed that Facebook had changed privacy settings on the site without the permission of its users, and it must now "obtain consumers' affirmative express consent before enacting changes that override their privacy preferences".
This effectively means that from now on all changes made by Facebook to its privacy settings must be opted in to by users; the 800 million-member site must also submit to privacy audits every two years for the next 20 years.
From now on, access to content on deactivated accounts will be barred and the site must avoid misrepresenting the privacy or security of user data.
Zuckerberg said on the company blog: "I'm the first to admit that we've made a bunch of mistakes. In particular, I think that a small number of high profile mistakes, like Beacon four years ago and poor execution as we transitioned our privacy model two years ago, have often overshadowed much of the good work we've done."
The CEO continues to explain how Facebook will change to comply with the FTC: "the FTC established agreements with Google and Twitter that are helping to shape new privacy standards for our industry. Today, the FTC announced a similar agreement with Facebook.
"For Facebook, this means we're making a clear and formal long-term commitment to do the things we've always tried to do and planned to keep doing - giving you tools to control who can see your information and then making sure only those people you intend can see it."
Zuckerberg continued to address each problem raised by the FTC, confirming that the problems have been fixed: "Even before the agreement announced by the FTC today, Facebook had already proactively addressed many of the concerns the FTC raised. For example, their complaint to us mentioned our Verified Apps Program, which we canceled almost two years ago in December 2009. The same complaint also mentions cases where advertisers inadvertently received the ID numbers of some users in referrer URLs. We fixed that problem over a year ago in May 2010."
Facebook has interpreted the ruling to mean that while changes which override existing privacy settings must be opted into, adding new settings is allowed without the option for users to opt out.
The ruling also means that Facebook's core business model - selling targeted adverts to users - remains safe. The website is "barred from making misrepresentations about the privacy or security of consumers' personal information", but a small change to the sign-up process explaining that advertising can target users based on their personal data would mean that this practice is safe for now.
The Facebook founder and CEO ends his statement by reassuring users: "We will continue to improve the service, build new ways for you to share and offer new ways to protect you and your information better than any other company in the world."