A regional court in Germany said that the social network, which yesterday apologised after suffering a two-hour outage across Europe, is in breach of German privacy legislation with its Friend Finder service.
The Verbrauchercentrale Bundesverband (VZBV), an organisation representing rights groups in Germany, brought the case in 2010 after expressing concern about how Friend Finder raids a user's email address book to invite others to the social network.
A judge at the District Court of Berlin has now accepted that the system runs contrary to the terms and conditions of consumer rights.
Facebook users can track down 'friends' on the social network via Friend Finder, which imports contacts from their email address book.
But the court has now agreed with VZBZ that Facebook must more clearly inform users that their entire address book is imported to Facebook, and can be used to invite friends to join the social network.
Facebook had already adjusted Friend Finder in anticipation of the case, but the court agreed with VZBV that the changes do not go far enough.
Another part of the ruling covered the ownership of personal data uploaded to Facebook, particularly over whether Facebook owns the rights to original photos or music on its site and can use them for other purposes.
The judge again agreed with VZBZ that Facebook's use of personal content was in violation of data protection laws, and therefore ruled that the site can only use any original 'works' if it has the full permission of users.
VZBV chief executive Gerd Billen told The Inquirer that this was a "milestone" verdict as it meant that Facebook must "respect the privacy protection in Europe".
He said that the group will keep a close eye on Facebook's activity, and urged the site to always consider local data protection rules before rolling out any major privacy changes.
It is not clear whether Facebook will appeal against the verdict. The firm said in a statement: "We will take a close look into the details of today's court decision as soon as they are available and then decide on the next steps.
"Facebook Ireland Ltd, which provides our service to people in Germany, is committed to adhering to European data protection principles as demonstrated by the recent report of the Office of the Irish Data Protection Commissioner."
> Google is 'sneaking' away people's privacy, warns EU