In addition to the recurring privacy audits, the FTC and Facebook have agreed that Facebook will appoint new privacy-focused employees to run a "comprehensive privacy program" that addresses user privacy and privacy risks in both existing products and any potential new products. Facebook is also required to get explicit consent from users before making any changes that will override personal privacy settings, prevent anyone from accessing user data 30 days after an account is canceled, and is generally forbidden from lying to users about where and when data can be shared.
Facebook says it's already addressed many of the FTC complaints and proactively met many of the requirements outlined in the agreement, and Mark Zuckerberg today announced the appointment of two Chief Privacy Officers: Erin Egan will focus externally on policy, and Michael Richter will focus internally on products. Zuckerberg also says he's "committed to making Facebook the leader in transparency and control around privacy."
The next step is approval of the proposed settlement by the full FTC, and from there the clock begins ticking on that first privacy assessment — and we'll see if all these changes actually make any difference for users.