Facebook is close to a settlement with the U.S. government over charges that it misled users about its use of their personal information, the latest sign of widening public concern over privacy in the digital age.
According to people familiar with the talks, the settlement would require Facebook to obtain users' consent before making "material retroactive changes" to its privacy policies. That means that Facebook must get consent to share data in a way that is different from how the user originally agreed the data could be used.
The pact-which awaits only final approval from the Federal Trade Commission-has the potential to reverberate widely. Myriad online services and companies are developing sophisticated tools for observing people's behavior online and profiting from the personal information they provide. In recent months, the FTC has been signaling that privacy is on the top of its enforcement agenda.
The social network, with 800 million world-wide users, has faced repeated complaints from users that it changed policies to disclose more of their personal information without adequate notice from the company.
The settlement stems from changes Facebook made to its privacy settings in December 2009 to make aspects of users' profiles-such as name, picture, city, gender, and friends list-public by default. At the time, Facebook founder Mark Zuckerberg described the changes as a "simpler model for privacy control."
Users complained and several privacy advocates, led by the Electronic Privacy Information Center, filed a complaint with the FTC, alleging the changes were unfair and deceptive.
Under the terms being discussed, the agreement would require Facebook to submit to independent privacy audits for 20 years, the people familiar with the matter said.
Facebook's move to resolve privacy concerns comes as speculation grows over a possible initial public offering next year, which could value the company at up to $100 billion.
Facebook executives have not said anything publicly about the timing of an IPO. But the company is fast approaching an April 2012 deadline by which securities laws would require it to file public financial results. In recent months, Facebook has revamped its policy team that handles privacy and other government issues.
A person familiar with the matter said the Facebook settlement does not require users to expressly agree to all changes made on the site.
This person said the agreement prohibits Facebook from making information that's already on the site available to a wider audience than previously intended, without the user's express consent. In general, the settlement won't dictate how Facebook obtains user consent for new features.
The Facebook settlement is part of a broader government push to hold companies more accountable for the personal data they collect, store and trade. The FTC last year called for the development of a "do not track" system that would make it easier for Internet users to protect their browsing activity from outside snooping. The Obama Administration has called for a "privacy bill of rights" that would regulate the commercial collection of user data online. And lawmakers have introduced more than a dozen privacy bills in Congress this year.
The settlement would likely put Facebook on the same footing as rival Google, which agreed to a similar settlement with the FTC earlier this year.
In March, Google agreed to develop a "comprehensive privacy program" and submit it to outside review every other year for 20 years, when it settled FTC charges of falsely representing how it would use personal information. The FTC accused Google of telling Gmail users that the information would only be used for email, but then also using it for a social networking service called Buzz.
Twitter Inc. also agreed to outside audits, after the FTC charged the microblogging service with "serious lapses" in its data-security practices after hackers broke into accounts, including one belonging to President Barack Obama. Twitter agreed to conduct security audits every other year for 10 years.
People familiar with the matter said FTC commissioners are likely to vote on the proposed Facebook settlement in the next few weeks. They could approve it, or send it back to FTC staffers and Facebook for changes, which would be unusual. An FTC spokeswoman declined to comment.
"The FTC has made clear that it is stepping up enforcement" of privacy issues, said Lisa Sotto, partner and head of the Global Privacy and Information Management Practice at law firm Hunton & Williams. "Companies would be wise to pay attention to this trend and implement privacy programs that include comprehensive assessments of their privacy practices."
Facebook has changed its privacy settings several times, including reversing some of the changes it made in late 2009.
In response to the initial uproar, Facebook made other changes as well. In May 2010, Facebook simplified its privacy settings for users. In October 2010, it offered a tool to let users share information with just a group of others.
And in August 2011, Facebook began displaying privacy controls more prominently on a user's profile page. It also now lets users control who can see each post.
It's not clear how many of Facebook's privacy changes are included in the FTC's complaint against the company.
One example of Facebook's new approach is its new Timeline feature, which gathers in timeline format historical posts, photos and videos from a user's life. Mr. Zuckerberg said last month that users will have seven days after the feature is introduced to manually edit, or delete, their entries, before the timeline is shared with their Facebook friends.
One point of negotiation between Facebook and the FTC was over the length of time a third party would be required to audit the company's privacy settings, said one person. Facebook wanted just five years, and the FTC wanted a 20-year commitment.
Facebook ultimately agreed to 20 years, said the person.
In a recent interview with Charlie Rose, Mr. Zuckerberg said the company is working to make it easier for people to control their privacy on Facebook.
"It's getting more and more important to be increasingly clear and give people those controls," he said of the site's privacy settings. "I don't think we're at the end. I think we're going to need to keep on making it easier and easier, but that's our mission."