The settlement bars the social networking site from making any "further deceptive privacy claims" and requires the company to "get consumers' approval before it changes the way it shares their data," the FTC said.
The deal also requires Facebook to provide its users "clear and prominent notice" before their information is "shared beyond the privacy settings they have established." In addition, Facebook is required to obtain periodic audits of its privacy policies for the next 20 years.
"Facebook is obligated to keep the promises about privacy that it makes to its hundreds of millions of users," said FTC Chairman Jon Leibowitz in statement. "Facebook's innovation does not have to come at the expense of consumer privacy. The FTC action will ensure it will not."
The settlement stems from an investigation in December 2009, when Facebook changed its privacy settings. At the time, Facebook founder and CEO Mark Zuckerberg described the changes as a "simpler model for privacy control."
But it was later discovered that the profiles of certain users, who had deactivated or deleted their accounts, were still accessible.
Google Inc. agreed to similar audits in March, when it settled FTC charges of falsely representing how it would use personal information.