Social media is a great way to stay in touch. But as law enforcement agencies have discovered, it can also be a great way to monitor and track people. That’s why Facebook on Monday took new steps to stop companies using its data to build surveillance tools.
“Over the past several months we have taken enforcement action against developers who created and marketed tools meant for surveillance, in violation of our existing policies; we want to be sure everyone understands the underlying policy and how to comply,” wrote Rob Sherman, Facebook’s deputy chief privacy officer, in the blog post.
Facebook also thanked the American Civil Liberties Union of California and other advocacy groups for helping it develop the new surveillance policies.
The news comes after an outcry last year over companies that sell social media-based surveillance systems to police departments and foreign governments. Such tools might, for example, use facial recognition tools to scan a crowd of people and identify the faces against a database of Facebook users. Or they might draw on location data obtained from Twitter (twtr) to monitor the movements of a given user.
Get Data Sheet, Fortune’s technology newsletter
There have been news reports of police using such software at Black Lives Matter protests in Baltimore, and of foreign governments using it to track dissidents in countries like Turkey and Saudi Arabia.
As Fortune reported last year, Facebook and Twitter have already taken steps to stop certain companies, such as Chicago-based Geofeedia from getting access to their data. Doing so has in turn dealt a blow the business model of such companies.
Facebook’s new policy is unlikely, however, to be 100% effective since there is only so such it can do to monitor how developers use its data.
Like many other companies, Facebook provides access to so-called APIs (application program interfaces), which let third parties build services on top of its platform. This provides benefits to both users and Facebook. But as the surveillance issue shows, the access can be abused.