Facebook does show a limited list in small light gray text that describes access that will be granted to an app provider when the user decides to download an app, suggesting that the sharing of this data is allowed, the VZBV said. However, sharing data with third-parties is only allowed under German law after an explicit and informed consent of the user, it said. Facebook's App Center therefore clearly violates telecom and competition laws, it added.
Facebook declined to comment. The social network "is currently looking into this", a spokeswoman said in an email. The VZBV did not immediately respond to a request for comment.
The social network has been under renewed data protection scrutiny in Germany and other European countries lately. Earlier this week for example privacy campaign group Europe vs. Facebook threatened to take the Irish Data Protection Commissioner to court if it is not satisfied with the DPC's final responses to its complaints about Facebook's privacy policies.
The group made the threat because it thinks the DPC did not act in the best interests of users when it audited the social network's privacy policies. While Facebook went beyond the recommendations by deciding to delete all facial recognition data it had stored about its E.U. users, Europe vs. Facebook thinks there is more that can be done to protect users' privacy better.
VZBV expects the first hearing in the case to take place in Summer 2013.
Loek is Amsterdam Correspondent and covers online privacy, intellectual property, open-source and online payment issues for the IDG News Service. Follow him on Twitter at @loekessers or email tips and comments to firstname.lastname@example.org