California officials revealed that they’re investigating Facebook Inc. over its privacy practices in a news conference this morning, just hours after the social network disclosed it had inadvertently made some user data accessible to outside app developers.

California Attorney General Xavier Becerra opened the probe 18 months ago to look into the Cambridge Analytics scandal. From there, the focus of the investigation expanded to include the matter of “whether Facebook has violated California law, by among other things, deceiving users and ignoring its own policies in allowing third parties broad access to user data,” stated court documents filed by Becerra’s office.

Officials are petitioning the San Francisco County Superior Court to order that Facebook turn over documents related to its handling of user data. The social network earlier failed to provide all of the information that the attorney general’s office requested as part of its investigation, according to the filing. 

The subpoenaed information includes details about modifications to Facebook’s privacy policy and documents detailing how it protects user data. In addition, California is requesting records of certain executive communications. The court petition charges that Facebook failed to look for pertinent information in the emails of Chief Executive Officer Mark Zuckerberg and Chief Operating Officer Sheryl Sandberg. 

“If Facebook had complied with our legitimate investigative requests, we would not be making this announcement today. But we must move our investigation forward,” Becerra was quoted by Reuters as saying.

The California investigation comes on top of the probes into Facebook being pursued by the Federal Trade Commission and a coalition of 47 attorneys general. Separately, the House Judiciary Committee and the Justice Department are each conducting broader reviews of the tech industry that encompass the social network’s business practices.

Privacy will inevitably continue to be a focus for regulators scrutinizing Facebook. The company’s latest privacy snafu emerged only yesterday afternoon, when it disclosed that a flaw in an application programming interface gave about 100 outside developers access to off-limits user data. The bug affected information about participants in Facebook Groups. 

“We recently found that some apps retained access to group member information, like names and profile pictures in connection with group activity, from the Groups API, for longer than we intended,” Konstantinos Papamiltiadis, Facebook’s head of developer platforms, wrote in the disclosure. “We have since removed their access.”

Papamiltiadis added that at least 11 partners accessed group members’ information in the past two months. The company found no sign of abuse, the executive said, but has asked the developers to delete any user data they might be storing on their systems. 

Image: Christoph Scholz/Flickr