After years of storm from privacy scandals and federal investigations, the Federal Trade Commission (FTC) has resolved that Facebook (NASDAQ:FB) should pay a $5 billion fine. The decisions comes as the social media giant continues to grapple with privacy issues.

The Cambridge Analytica scandal

For a long time, little was known about how Facebook handles user data. As such, federal scrutiny was limited in terms of scope.

Issues with data privacy gained prominence after reports that Cambridge Analytica mined data and manipulated it to help Donald Trump win the US Presidential elections. In fact, FBI investigations found that the company had been obtaining user data improperly since 2015.

At the same time, the FTC launched an inquiry to find out if the data collection violated the consent decree which governs consumer information in possession of tech companies. Incidentally, the findings show that, actually, the decree was violated.

In a statement, the FTC Chairman said on Wednesday, “Despite repeated promises to its billions of users worldwide that they could control how their personal information is shared, Facebook undermined consumers’ choices.”

Facebook takes the blame

Interestingly, Facebook is taking the blame for privacy violations done by Cambridge Analytica. In a statement posted on his Facebook timeline, Mark Zuckerberg, the CEO of Facebook, said that the company will pay the fine after coming to a consensus with the FTC. More important, Zuckerberg committed to undertaking “major structural changes” concerning how the company is run and how they build products.

Further, the statement outlined Facebook’s commitment to bolster the security of user data. Zuckerberg said that the company is ready to set new standards for the social media industry in as far as privacy practices are concerned.

“Our executives, including me, will have to certify that all of the work we oversee meets our privacy commitments,” Zuckerberg’s statement read.

The US is not alone in moving to push tech companies into more protection of consumer information. In late May 2018, the EU inaugurated the General Data Protection Regulation (GDPR). Under the law, tech companies must seek consent before obtaining consumer information, and their privacy practices must be more open.