"Facebook has agreed to settle Federal Trade Commission charges that it deceived consumers by telling them they could keep their information on Facebook private, and then repeatedly allowing it to be shared and made public. The settlement is soft on Facebook; there are no fines or criminal penalties. According to the FTC, in December 2009, Facebook 'changed its website so certain information that users may have designated as private – such as their Friends List – was made public. Facebook didn't warn users that this change was coming, or get their approval in advance.' Among the other complaints (PDF), 'Facebook represented that third-party apps that users' installed would have access only to user information that they needed to operate. In fact, the apps could access nearly all of users' personal data – data the apps didn't need.'"
The settlement demands that Facebook avoid any new deceptive privacy claims, and also that users must give explicit permission for changes to be made to their privacy preferences. Facebook will be audited every two years for the next two decades to make sure they're holding up their end of the settlement. In a lengthy statement on Facebook's blog, Mark Zuckerberg acknowledged that they'd made mistakes