* FTC says Facebook must end deceptive privacy practices
* Facebook required to get 20 years’ worth of audits
* Zuckerberg says creating two new privacy officers
By Diane Bartz and Alexei Oreskovic
WASHINGTON/SAN FRANCISCO, Nov 29 (Reuters) - Facebook has settled complaints that it disregarded its users’ privacy, agreeing to establish a raft of measures to better protect its 800 million members’ data.
The settlement with the U.S. Federal Trade Commission on Tuesday will require Facebook to obtain its users’ consent for certain changes to privacy settings and subject Facebook to 20 years of independent audits.
The deal comes as Facebook, the world’s No.1 Internet social networking company, is said to be gearing up for a massive $10 billion initial public offering next year, a source familiar with the matter told Reuters on Monday.
“I’m the first to admit that we’ve made a bunch of mistakes,” co-founder Mark Zuckerberg wrote in a lengthy post on the company’s official blog on Tuesday.
To ensure that Facebook did a better job, Zuckerberg said the company had created two new corporate privacy officer positions to oversee Facebook products and policy.
In its complaint, the FTC said that Facebook had repeatedly violated laws against deceptive and unfair practices. For example, it said Facebook promised users that it would not share personal information with advertisers, but it did.
Also, the company had failed to warn users that it was changing its website in December 2009 so that certain information that users had designated as private, such as their “Friends List,” would be made public, the FTC said.
Chris Conley, policy attorney with the American Civil Liberties Union of Northern California, said the settlement “makes it clear that companies can’t simply change the rules without asking users’ permission.”
But he said that to keep pace with new technology, there was a need for new laws and tools.
“We shouldn’t have to struggle with complicated and constantly shifting privacy settings just to keep control of our own personal information,” Conley said.
Facebook, which has more than 800 million users, has often been criticized for its privacy practices since its founding in a Harvard dorm room in 2004.
Earlier this year, the company came under fire for practices related to its use of facial recognition technology to automatically identify people appearing in the photos that are shared on the service.
On a conference call with reporters on Tuesday, FTC officials said the settlement did not expressly cover the use of facial recognition technology.
They noted, however, that it was broadly crafted so that it would prevent Facebook from deceiving consumers going forward.
Senator Al Franken said in a statement that the absence of provisions covering Facebook’s facial recognition technology was a “gap” in the settlement that he would be “urging the FCC to address.”
If Facebook is found to have violated any of the provisions of the settlement, the company is subject to fines of $16,000 per day for each violation, FTC Chairman Jon Leibowitz said.
“Nothing in this order will restrict Facebook’s ability to innovate,” said Leibowitz. But, he added, “Facebook’s innovation does not have to come at the expense of consumer privacy.”
Under the settlement, which must be approved by an FTC administrative law judge, Facebook is barred from being deceptive about how it uses personal information, and is required to get permission before changing the visibility of the personal information users have posted.
Facebook noted that it had reversed some of the privacy settings at issue in the FTC’s complaint prior to the settlement, including restoring users’ ability to limit who sees their Friends List. And it said it fixed a problem more than a year ago which had “inadvertently” allowed advertisers to obtain the user ID numbers of some Facebook members.
The settlement does not appear to directly impact Facebook’s current advertising-related business practices, in which marketers can target ads to specific segments of Facebook’s audience, based on user traits such as location and gender, said Debra Aho Williamson, an analyst at eMarketer.
“At this point we have no plans to change our forecasts over Facebook’s advertising revenue,” she said, citing eMarketer’s estimate that Facebook will generate $3.8 billion in worldwide ad revenue this year.
Still, the more stringent privacy requirements could complicate Facebook’s ability to roll out new features to its broad base of users, as it competes with a rival social networking service from Google.
In a statement, Facebook said that the settlement “strikes the right balance between innovation and regulation, and gives us the ability to introduce new sharing, connecting and control features that will continue to improve Facebook.”
The settlement follows a similar agreement in March between the FTC and Google Inc over the Web search leader’s rollout of its own social network called Buzz.
In 2010, the FTC settled charges with Twitter, after the agency alleged that the social networking service had failed to safeguard users’ personal information.
Ray Valdes, an analyst at industry research firm Gartner, said he did not think the timing of the settlement was directly related to Facebook’s IPO plans.
“I don’t think it’s directly tied to the IPO. The IPO is still off in the distance,” he said, but added: “There’s some connection. I’d make more of a direct link if this was happening in January.”