Google will be subjected to independent privacy audits for the next 20 years over charges that it "violated its own privacy promises".
The US Federal Trade Commission (FTC) said that the search giant wrongly used information from Google Mail users last year to create its social network Buzz.
The FTC ruled that "the options for declining or leaving the social network were ineffective".
"Google Buzz fell short of our usual standards," Google said in a blog post.
"While we worked quickly to make improvements, regulators unsurprisingly wanted more detail about what went wrong and how we could prevent it from happening again.
"Today, we've reached an agreement with the FTC to address their concerns."
That agreement will require Google to undergo a privacy review once every two years for the next 20 years.
"When companies make privacy pledges, they need to honour them," said Jon Leibowitz, chairman of the FTC.
"This is a tough settlement that ensures that Google will honour its commitments to consumers and build strong privacy protections into all of its operations."
Buzz's launch in February 2010 came under heavy criticism from users.
According to Google, the system was designed to bring together members' personal and private lives.
One widespread complaint was over a feature that allowed it to publicly list other Gmail contacts a user was most frequently in touch with.
While this feature could be turned off, the default setting was to leave it on - potentially revealing a user's contact with an ex-spouse, employer or similar.
The FTC said "deceptive tactics" were used to populate the network with personal data gained from use of Gmail, and that when users were given the change to opt-out of Buzz, they were still enrolled in some of its features.
For those that did decide to opt-in, the FTC says the implications of that were not made clear.
"Google also offered a 'Turn off Buzz' option that did not fully remove the user from the social network," it said.
"If we use this information in a manner different than the purpose for which it was collected, then we will ask for your consent prior to such use."
It must also "establish and maintain a comprehensive privacy program".
It is the latest in a line of privacy blunders from Google.
In November 2010, some users of Buzz sued the company over privacy violations.
Google settled that case by setting up an $8.5m (£5.2m) fund to support "organisations working on privacy education and policy on the web".
It apologised to users for insufficient testing of the service.
Earlier this month, the company was fined after mistakenly gathering personal data from unsecured wi-fi networks while taking pictures for its Street View service.
Reflecting on the latest settlement, Alma Whitten, Google's director of privacy, product and engineering, said: "We'd like to apologize again for the mistakes we made with Buzz.
"While today's announcement thankfully put this incident behind us, we are 100 percent focused on ensuring that our new privacy procedures effectively protect the interests of all our users going forward."