Facebook chief operating officer Sheryl Sandberg said in an interview with the Financial Times published on Thursday that the company was too slow to respond to recent privacy crises, prominently including the alleged harvesting of data by Cambridge Analytica.

“To this day, we still don’t know what data Cambridge Analytica have,” Sandberg admitted.

Sandberg said Facebook has not invested sufficiently in safety and security for its users, but is working to address that deficiency. She noted that several significant privacy updates have been made to the Facebook platform since the Cambridge Analytica story broke, and more will be made to comply with Europe’s new General Data Protection Regulation, a new set of privacy regulations that Sandberg applauded.

“We made mistakes and I own them and they are on me. There are operational things that we need to change in this company and we are changing them… We have to learn from our mistakes and we need to take action,” she said.

“When Cambridge Analytica first happened it was a mistake for Mark and me not to speak out earlier and faster. We wanted to make sure we knew exactly what happened,” Sandberg explained, referring to Facebook CEO Mark Zuckerberg.

“We announced two earnings calls ago that we were going to make much bigger investments in safety and security. We underinvested and I take responsibility for that,” she said.

Sandberg also did an interview with NPR, in which she admitted Facebook does not know if other companies exploited the private data of users as Cambridge Analytica did. She promised that the company would notify users as it discovered additional intrusions.

“We really believed in social experiences. We really believed in protecting privacy. But we were way too idealistic. We did not think enough about the abuse cases,” she said, apologizing on behalf of herself and Zuckerberg for not doing enough to protect user data.

“I think what really matters is that we learn from what’s happened. Security is an ongoing game,” Sandberg mused.

In another Financial Times piece on Friday, European Union Justice Commissioner Vera Jourova said Facebook’s responses to questions about data security in the wake of the Cambridge Analytica scandal were unsatisfactory.

“Unfortunately some explanations fall short of my expectations. It’s clear that data of Europeans have been exposed to a huge risk and I am not sure if Facebook took all the necessary steps to implement change,” Jourova said.

“This story is too important, too shocking, to treat it as business as usual,” Jourova said of the privacy scandal. “The internet is not a space free of the rule of law. The rules that apply offline also need to be respected in the online world.”

The EU commissioner also indicated dissatisfaction with Facebook’s countermeasures against disinformation campaigns such as Russia’s alleged meddling in the 2016 U.S. presidential election, calling such attacks “a threat to our democracy and electoral processes.”

The Financial Times added that Europe’s stringent security commissioners might also be worried about recent stories such as Facebook taking its name a bit too literally and turning dodgy facial recognition software against its users without their consent, and Facebook executives suddenly manifesting the unique ability to selectively delete their old messages from the platform, which is impossible for other users.