Mark Zuckerberg has said it was a mistake to rely on Cambridge Analytica (CA) to delete tens of millions of Facebook users' data as he apologised for the "major breach of trust".
The site's founder said the political consultancy had provided formal assurances that information harvested from 50 million profiles had been destroyed after Facebook first learned of the breach in 2015.
Mr Zuckerberg said he was now open to Facebook being regulated and accepted that malign actors were trying to use the site for political ends.
The site has been rocked in recent days by the row involving CA, who are accused of using the data to help Donald Trump's US presidential campaign target political ads on the platform.
The company has denied using Facebook data in its work on the campaign.
The scandal has prompted calls from politicians on both sides of the Atlantic for Mr Zuckerberg to answer to them in person for the breach.
The billionaire told CNN he would be happy to appear before US Congress "if it's the right thing to do".
"This was a major breach of trust, and I'm really sorry that this happened," he told CNN.
On Wednesday Mr Zuckerberg made his first public statement since the controversy erupted - via a Facebook post.
Journalists at The Guardian had told Facebook in 2015 that Aleksandr Kogan, a Cambridge University professor, had shared data from an app he had developed with CA, he said.
Facebook immediately banned Dr Kogan's app and demanded that he and CA delete the data, for which they provided "certifications" that they had, the boss said.
Last week the company was alerted by The Guardian, The New York Times and Channel 4 that CA may not have deleted the data as they had said and the firm was banned from Facebook.
"I don't know about you, but I'm used to when people legally certify that they are going to do something, that they do it. But I think this was clearly a mistake in retrospect," Mr Zuckerberg told CNN.
Prof. Kogan is alleged to have surveyed more than 270,000 Facebook users through an app he created.
Facebook's settings at the time allowed app developers to access the personal data of not just the people who used their app, but of all of their friends as well.
Mr Zuckerberg said Facebook has already taken the most important steps to prevent such a situation from happening again.
He told the broadcaster the site would be reviewing thousands of apps in an "intensive process".
Facebook will ban developers who do not agree to an audit, and an app's developer will no longer have access to data from people who have not used that app in three months.
He said he was confident Facebook could "get in front" of the problem.
"This isn't rocket science. There's a lot of hard work we have to do to make it harder for nation states like Russia to do election interference," he said.
Mr Zuckerberg's apology came after a former employee of the company told MPs that Facebook had a "wild west" approach to looking after its users' data and had "little detection" of any violations of its policies.
Whistleblower Sandy Parakilas, who worked in policy compliance and data protection for Facebook between 2011 and 2012, claimed the company "had very few ways of discovering abuse or enforcing on abuse when it was discovered".
Facebook shares have slid by more than 7.6% since the first allegations were reported at the weekend by the Observer, and the firm received a backlash online - with a number of users reporting that they were deleting their accounts, including the co-founder of WhatsApp, which was bought by Facebook in 2014.
The company is also facing legal action from some of its own shareholders, who claim the company made "materially false and misleading statements regarding the company's business, operational and compliance policies".
CA chief executive Alexander Nix was suspended after recordings emerged of him making a series of controversial claims, including boasts that CA had a pivotal role in the election of Donald Trump.
Downing Street confirmed on Wednesday that the Government employed CA parent company SCL for a contract with the Ministry of Defence, but said this had ended before the recent allegations came to light.
"We are looking across Government to see if there were any other contracts," said a spokesman. "As the Prime Minister said, we are not aware of any current contracts."
The Conservative Party said it had been approached by CA with a pitch for work during David Cameron's leadership, but said this was rejected.
"The Conservative Party has never employed Cambridge Analytica or its parent company, nor used their services," a Tory spokesman said.