Facebook's FTC punishment could involve 20 years of oversight

Sources say that the penalty could be announced in a month.

Facebook and the Federal Trade Commission (FTC) are edging closer to negotiating the tech giant's multibillion dollar penalty for security failures. Reuters reports that the deal "could be a month away" and could put the company under 20 years of privacy oversight.

The FTC began investigating Facebook following last year's Cambridge Analytica scandal, when it emerged that the consultancy had harvested the data of as many as 87 million people without their permission. The FTC is now trying to determine whether Facebook's actions breached a 2011 privacy protection agreement with the government. The agreement required Facebook to obtain permission from users before sharing their data, and to carry out third-party conduct audits every two years for 20 years to ensure its measures are working.

The FTC and Facebook have reportedly been in discussions for months in a bid to settle the investigation, with the social platform revealing last month that it had put aside $3 billion to cover a possible fine. However, Facebook says the fine could ultimately be as high as $5 billion, which would be the largest ever against a US tech company and dwarf the previous FTC record of $22.5 million, paid by Google in 2012.