Under the proposed settlement Facebook will have to submit to independent privacy audits but will not have to fix what it has done in the past.
Facebook must now overhaul privacy protection for more than half a billion users outside North America after a three-month investigation found that its privacy policies were overly complex and lacked transparency.
The probe by the Irish Data Protection Commissioner (DPC) at the US company’s international headquarters in Dublin found users risked unknowingly publicising personal details.
Users might not be aware, for example, that uploading their photos made them publicly searchable until they changed the setting on their Facebook page.
Facebook’s Ireland office handles all of its users outside the United States and Canada ::::
The group operates the world’s largest social networking website with 800 million users, the majority of them outside North America.
“This was a challenging engagement both for my office and for Facebook Ireland,” Irish Data Protection Commissioner Billy Hawkes said in a statement.
“Arising from the audit, FB-I (Facebook Ireland) has agreed to a wide range of ‘best practice’ improvements to be implemented over the next six months.”
The changes include giving users more information about how Facebook and third-party apps handle their personal information, deleting certain details more promptly and giving users a clear warning that it uses facial-recognition technology that automatically tags them in photographs.
Another formal review will take place in July.
Facebook said making the changes would require intense work.
“The DPC’s review of our existing operations highlighted several opportunities to strengthen our existing practices,” said Richard Allan, director of public policy at Facebook EMEA.
Last month, Facebook founder and chief executive Mark Zuckerberg said the group had made “a bunch of mistakes” in how it handled personal data.
It reached a settlement with the US Federal Trade Commission in November over a privacy complaint.
Irish officials had received 22 complaints about Facebook from privacy campaign group Europe V Facebook and three from the Norwegian Consumer Council.