Facebook says that an independent audit found its privacy practices sufficient during a six-month assessment period that followed a settlement with federal regulators.
Facebook Inc. said it submitted the findings to the Federal Trade Commission earlier this week. The audit was a required part of the social networking company's settlement with the FTC last summer. The settlement resolved charges that Facebook exposed details about its users' lives without getting the required legal consent.
Facebook provided a copy of its letter to the FTC along with a redacted copy of the auditor's letter to The Associated Press on Wednesday. The redacted portion contains trade secret information and does not alter the auditor's findings, the company said.
The audit, which found that Facebook's privacy program met or exceeded requirements under the FTC's order, covered written policies as well as samples of its data.
"We're encouraged by this confirmation that the controls set out in our privacy program are working as intended," said Erin Egan, Facebook's chief privacy officer for policy in an emailed statement. "This assessment has also helped us identify areas to work on as Facebook continues to evolve as a company, and improve upon the privacy protections we already have in place.
"We will keep working to meet the changing and evolving needs of our users and to put user privacy and security at the center of everything we do."
Facebook did not disclose the full 79-page report or specific details on shortcomings in its privacy practices that were revealed by the audit. Spokeswoman Jodi Seth said Facebook declined to disclose such details "based on contractual obligations and the possibility of security and competitive vulnerabilities."
The company has asked the FTC to keep the redacted information private, saying it would put it and its auditor at a competitive disadvantage.
The name of the accounting firm is also redacted but that information will be released when the FTC responds to the audit.
A representative for the FTC was not available for comment Thursday.
Much of the FTC's complaint against the company centered on a series of changes that Facebook made to its privacy controls in late 2009. The revisions automatically shared information and pictures about Facebook users, even if they previously programmed their privacy settings to shield that content. People's profile pictures, lists of online friends and political views were suddenly available for the world to see, the FTC alleged.
The complaint also charged that Facebook shared users' personal information with third-party advertisers from September 2008 through May 2010 despite public assurances that it wasn't passing the data along for marketing purposes. Facebook said this only happened in limited instances.
Facebook did not admit any wrongdoing as part of the settlement, but it agreed to submit to audits of its privacy practices for 20 years. This was the first audit.