Facebook’s dubious privacy practices have long since been considered as open invites for heavy criticism. However, critics believed that there was little that the company actually did to address complaints, often resorting to a strategy of forcing platform changes and then just waiting for the hubbub to die down”.

However, in 2009, Facebok finally made a costly mistake – one that caught the Federal Trade Commission’s attention. They made public certain data that the users thought were private – a move that was once again met with much protest. The FTC finally stepped in and accused Facebook of engaging in “unfair and deceptive” practices, listing several violations that the company had committed – some of the more grave ones including: sharing users’ personal data with advertisers despite promising not to, unreliability of the company’s “verified apps” program, keeping data even after the users’ deletion of said data, giving app developers more access to data than was necessary, and failing to comply with the U.S. – EU Safe Harbor Framework.

The investigation lasted for the better part of two years. But now the two have finally reached a settlement, one that will heavily influence our usage of Facebook for years to come. Basically, Facebook will have to submit to regular audits of its privacy practices for the next 20 years. It will also be required to enforce the ‘opt in’ policy for its features before changing any of their privacy controls.

Mark Zuckerberg also wrote a lengthy blog post expressing his thoughts on the subject, admitting that the company had made mistakes but also stressing that the company had done its part to address the issues. He further stated that the good Facebook does is often overshadowed by its past mistakes. In fact, according to Zuckerberg, some of the complaints the FTC listed had already been fixed. For example, the verified apps program had already been cancelled by December 2009. The allegation that Facebook shared private data with advertisers had also been addressed. Back then, advertisers had been inadvertently receiving ID numbers of users in the referrer URLs. However, Facebook had already fixed this issue by May 2010.

Zuckerberg also mentioned that he would be adding two key positions to his staff, namely “Chief of Privacy (to be filled by Erin Egan) and Chief Privacy Officer (Michael Richter).

Should Facebook still violate the terms of their agreement, the company will be facing a penalty of $16,000 per day for each violation.