NEW YORK (CNNMoney) -- Facebook has agreed to 20 years of privacy audits to settle a lengthy complaint from the Federal Trade Commission, which says Facebook misled its members about its use of their private data.
Facebook "deceived consumers by telling them they could keep their information on Facebook private, and then repeatedly allowing it to be shared and made public," the FTC said in its complaint.
The complaint cites several examples of alleged false promises from Facebook, most of which took place several years ago. One example: In December 2009, Facebook changed its website so that some information that users had shared with a private group of friends was made public -- and users weren't warned about the change.
These events "were unfair and deceptive, and violated federal law," the FTC said.
"Facebook's innovation does not have to come at the expense of consumer privacy," FTC chairman Jon Leibowitz said in a prepared statement.
Under the terms of the settlement, Facebook will have to undergo a third-party privacy audit every two years for the next 20 years. Twitter and Google (GOOG, Fortune 500) have recently signed similar deals with the FTC.
Facebook founder Mark Zuckerberg commented on the FTC settlement in a Facebook blog post on Tuesday afternoon.
"Overall, I think we have a good history of providing transparency and control over who can see your information," he wrote. "That said, I'm the first to admit that we've made a bunch of mistakes. In particular, I think that a small number of high profile mistakes, like Beacon four years ago and poor execution as we transitioned our privacy model two years ago, have often overshadowed much of the good work we've done."
Leibowitz, the FTC chairman, called Zuckerberg's post "a good sign" in comments during a conference call with reporters on Tuesday.
"He admits mistakes," Leibowitz said on the call. "That can only be good for consumers."
But Leibowitz ducked a reporter's question about why, if Zuckerberg was admitting mistakes, the FTC settlement did not include an admission of guilt.
The FTC does not have the ability to levy a monetary fine for violations, but it can do so if Facebook disobeys the order -- to the tune of $16,000 per day.
A reporter asked the FTC whether Facebook could be fined for "violating the spirit of the order" -- for example, changing privacy settings for a site feature that isn't expressly named in the complaint.
"It's a little bit hypothetical, but the order is very broad about deception," Leibowitz said.
He later added: "Nothing is absolutely certain, but we believe this provides a very good level of privacy protection going forward."
Facebook also on Tuesday named two executives to new roles focused on privacy.
Erin Egan will become the company's chief privacy officer in charge of policy, while Michael Richter will become Facebook's chief privacy officer in charge of products. The company's former privacy chief, Chris Kelly, left Facebook last year during his failed run for attorney general in California.
The moves come as Facebook begins opening a new Pandora's box of privacy issues.
In September, Facebook began rolling out new features that let "social apps" broadcast every interaction users have with them. The apps are opt-in, but few users read the fine print or adjust the default settings. Many have been surprised to find applications like Spotify and the Washington Post broadcasting every song they stream or story they read.
At this year's F8 conference, Facebook's annual gathering for developers, Zuckerberg laid out his vision of a Facebook that records and transmits every detail of its members' lives: "Your runs, your bike rides, your cooking and eating, your sleeping, your happiness, your fashion -- anything you want."