Facebook has been ordered to tighten its privacy practices and delete unneeded data sooner, after an investigation by Irish regulators.
Widespread changes for the social networking site include making its terms and conditions clearer and giving users greater control over how their data is used.
The office of the Irish Data Protection Commissioner (DPC) carried out the audit on Facebook Ireland (FB-I) as the international headquarters is responsible for all users outside the US and Canada.
Commissioner Billy Hawkes said: "FB-I has agreed to a wide range of 'best practice' improvements to be implemented over the next six months, with a formal review of progress to take place in July of next year."
The study, carried out over the last three months, was the most comprehensive ever undertaken by the DPC.
It focused on complaints addressed by the Europe-versus-Facebook group, the Norwegian Consumer Council and a number of individuals.
One claimed Facebook was creating "shadow profiles" of people who are not members.
The regulator found data is collected about non-users for security purposes, Facebook does not otherwise use it and does not create shadow profiles.
"While certain data which could be used to build what we have seen termed as a 'shadow profile' of a non-user was received by Facebook, no actual use of this nature was made of such data," the report said.
"FB-I is now taking active steps to delete any such information very quickly after it is received."