After news broke last week that data firm Cambridge Analytica illegally mined private information from 50 million Facebook users, Facebook’s CEO Mark Zuckerberg was surprisingly quiet—even as some social media users called for people to delete their Facebook accounts.  But yesterday, after pressure from Facebook users and the media, the tech boss sat down with CNN to apologize and address *some* of the problems with his platform that led to Cambridge Analytica’s ability to misuse data.

“I’m really sorry that this happened,” Zuckerberg said to  Laurie Segall in the exclusive interview. He also said he would be “happy to” testify before Congress, “if it’s the right thing to do.” Besides the apology, Zuckerberg shared a lengthy Facebook post outlining what the company is doing going forward to ensure such a data breach doesn’t happen again.

“We have a responsibility to protect your data, and if we can’t then we don’t deserve to serve you,” the post said. “I’ve been working to understand exactly what happened and how to make sure this doesn’t happen again. The good news is that the most important actions to prevent this from happening again today we have already taken years ago. But we also made mistakes, there’s more to do, and we need to step up and do it.”

Zuckerberg says his company will begin investigating all apps that have had access to large amounts of user information before it changed its rules about third-party data sharing. Developers who are known to misuse personal data will be banned outright.

Further, Facebook is restricting developers’ data access. What this means, essentially, is that from now on, it’ll only give third-party apps access to a user’s name, profile photo, and email address; the apps will have to get approval and sign a contract to ask for more. The site will also remove developer access to that data if a user has been inactive for three months.

The company is also making it easier for users to access their privacy settings. A tool that sat in the privacy settings will now be at the top of the news feed, making it more prominent for users to see and revoke which apps have access to their data.

The company will also notify the users whose personal information was collected and illicitly shared with Cambridge Analytica.

While these changes are positive, Zuckerberg regrets not doing his due diligence to stop the breach from happening in the first place — a regret that over two billion Facebook users likely share.

“I wish we’d taken those steps earlier,” Zuckerberg told Segall. “That … is probably the biggest mistake that we made here.”

 (Photos via David Ramos/Getty Images + AP Photo/Ben Margot, file)