It's likely that few HNers have a strong enough grasp of the various laws to state how they would pursue Facebook based on law, but all of us have a sense of justice. Whether or not the two coincide is a different discussion.
My happy medium, based on my own sense of justice: give Facebook a year to implement systems that actually protect users' privacy (what that would entail is yet another discussion). If they don't comply, hit them with a hefty fine. We get our privacy, Facebook gets to keep its money - some of which was earned by neglecting our privacy.
Facebook has repeatedly demonstrated that it has no qualms about infringing on privacy, so I would suggest that further changes to Facebook's Privacy Policy be made opt-in only.
Opt-outs should be a privilege that is lost when you repeatedly and intentionally violate federal law.
My happy medium, based on my own sense of justice: give Facebook a year to implement systems that actually protect users' privacy (what that would entail is yet another discussion). If they don't comply, hit them with a hefty fine. We get our privacy, Facebook gets to keep its money - some of which was earned by neglecting our privacy.