This sentence: "including giving consumers clear and prominent notice and obtaining consumers' express consent before their information is shared beyond the privacy settings they have established" was the killer to me. It forces FB to much more transparent about what it does with data and could have a significant shift in its revenue model.
The trouble is, it only "forces" Facebook to do anything if there will be meaningful sanctions if they don't.
They've just been found, in a formal investigation, to have broken numerous fundamental privacy laws across several continents, and been punished with... absolutely nothing, as far as I can tell.
All this has done is teach them that they are above the law and should feel free to continue doing whatever they like without regard to the consequences for the hundreds of millions of real people who are counting on them to behave responsibly.
Those "audits" will be toothless, and the only effect we'll ever see from them is the occasional headline. Read up on Microsoft since the late 90s or IBM since the early 80s, among many others.
The FTC's presence in FB's business decisions will only lend an air of legitimacy to what would otherwise cause problems with their users, and transforms FB's business model from "users are dumb fucks" to "Mom said I could."
No, it just means that changes to privacy that affect existing data should be announced beforehand. However, I doubt that they'll tell you which data will be affected.
Have fun scrolling through your entire FB history to update permissions!
Not really. If they provide clear and transparent notice to users on what they are doing with their data, then what they are doing is fine -- "caveat emptor."
