Facebook has agreed to tighten privacy controls as part of a settlement with US regulators over abuse of user data.
The Federal Trade Commission said Facebook would tighten consent rules on privacy, and close access to deleted accounts in 30 days or less.
The case began in 2009, when Facebook changed settings to make public details users may have deemed private.
In a blog post, Facebook founder Mark Zuckerberg said the company had made a "bunch of mistakes".
But he added that this has often overshadowed the good work that the social networking site had done.
Facebook had addressed many of the FTC's concerns already, he said.
The FTC said Facebook, which has 800 million users, had agreed to get consumers' approval before changing the way it shares their data.
Facebook did not admit guilt and was not fined, but it was barred from "making any further deceptive privacy claims" and will undergo regular checks on privacy practices, the FTC said.
"The proposed settlement requires Facebook to take several steps to make sure it lives up to its promises," the FTC said in a statement.
That includes giving consumers "clear and prominent notice and obtaining consumers' express consent before their information is shared beyond the privacy settings they have established".
Mr Zuckerberg said in his blog: "We're making a clear and formal long-term commitment to do the things we've always tried to do and planned to keep doing - giving you tools to control who can see your information and then making sure only those people you intend can see it."
The settlement follows a similar agreement in March between the FTC and Google over the web search firm's own social network, Buzz.
Last year, the FTC settled with Twitter, after the agency alleged that the service had failed to safeguard users' personal information.