Before a policy change in 2014, Facebook (FB) gave third-party apps on the social network broad access to the personal data of those who used the apps—and, controversially, the data of those people’s contacts.

This was how researcher Aleksandr Kogan netted the data of tens of millions of people, which he allegedly passed on to the Cambridge Analytica political consultancy. When that episode became apparent this year, the ensuing scandal led Facebook—which claimed Kogan had promised he only wanted the data for research purposes—to audit other instances where apps might have hoovered up data for illicit purposes.

“We have large teams of internal and external experts working hard to investigate these apps as quickly as possible,” said Ime Archibong, Facebook’s head of product partnerships, on Monday. “To date thousands of apps have been investigated and around 200 have been suspended—pending a thorough investigation into whether they did in fact misuse any data.”

If the apps are found to have misused people’s data, they will be banned and the affected Facebook users notified.

Of course, all this depends on Facebook’s definitions of misuse. Before Facebook’s policy change in 2014, many privacy advocates were complaining about the poor ethics and illegality—in Europe at least—of allowing third-party apps so much access to people’s data, without their consent, in the first place.