The Federal Trade Commission is considering slapping a “record-setting” fine on Facebook for the company’s privacy abuses in the case of Cambridge Analytica, reports the Washington Post. And the penalty could be the largest leveled by the agency on a tech company ever before. The FTC has been investigating Facebook since March over the revelations that the social media giant handed over the personal data of millions of its users to the Trump-connected political data consultancy Cambridge Analytica–without the permission of the users. The Post’s report cites three people with knowledge of the discussions. The most the FTC has fined a tech company in the past was a $22.5 million dollar penalty on Google in 2012. Some rightly pointed out that amount is a marginal business cost to Google. Facebook made a promise to the FTC in 2011–in the form of a consent decree–that it would get the explicit permission from users before sharing their personal data with any third party. The Cambridge Analytica affair turned out to be just the first in a string of privacy scandals involving Facebook. A bombshell New York Times report in November portrayed a company that cared far more about adding users, amassing their data, and more profitably monetizing that data, than respecting the privacy of its customers. And Facebook allowed its users to be subjected to a massive, coordinated Russian campaign to swing the 2016 U.S. presidential race toward Donald Trump by firing up right-wing voters and–most insidiously–persuading likely Hillary Clinton voters to stay home on election day. More than any other company, Facebook has pushed the issue of personal data privacy to the attention of lawmakers in Washington, who are now circulating bills establishing hard rules on how U.S. companies must protect user data. Some of the bills being circulated give additional powers to FTC to create additional rules and carry out enforcement actions.