Facebook's business model of generating revenue through third-party applications running on its systems could be dealt a blow by European privacy concerns.
European regulators say tighter rules are needed to protect personal data given to this third-party developers, according to the Financial Times.
The views are contained in an opinion paper by a group of European national data protection and privacy commissioners that advises the European Commission.
The group, known as the Article 29 Working Party, believes developers should be subject to EU privacy and data protection rules, even if developers are located outside Europe.
The group also argues that many corporate marketers who have turned to social media like Twitter as a way to reach consumers should be subject to tougher regulations.
The views of the Article 29 Working Party do not carry any formal authority, but could affect future revenue growth plans by Facebook, Twitter and other social media sites if they are adopted by individual national regulators.
Facebook has responded cautiously to the recommendations, saying the web industry is in need of a regulatory framework for companies to continue to innovate.
It described the opinion by the Article 29 Working Group on social networking services as "an important step in providing the industry with practical guidance for their operations in the EU", but said the views will now need to be "assessed in detail by all companies with services in this area."
Read more on IT legislation and regulation
Irish High Court dismisses legal bid by Facebook over EU-US data transfers
All EU states can take data protection cases against Facebook, says EU court
Irish privacy watchdog orders Facebook to stop sending user data to the US
Schrems v Facebook: European court strikes down EU-US Privacy Shield agreement