Facebook's alleged violations of European data laws are to be scrutinised in court by a student group.
Europe v Facebook is unhappy about "half-hearted solutions" following an audit by the Irish Data Protection Commissioner.
The group says it will take the IDPC to court for what is sees as failures to implement the changes.
It believes the case could eventually go to the European Court of Justice.
"If we get these things before the courts, it is very likely that it goes all the way to the European Court of Justice. Such a case would be a landmark for the whole IT industry," said Max Schrems, the spokesman for Europe v Facebook.
Despite the fact that, under Irish law, it will have to take the IDPC to court rather than Facebook, the group still sees it as a battle with the social network.
"In the end it will be us against Facebook because any outcome will affect how it can use data," Mr Schrems told the BBC.
The IDPC said that is waiting to hear from Europe v Facebook but that it would "commence the process" as soon as it did.
The group has been campaigning for better data protection for Facebook users for over a year and filed numerous complaints with the Irish Data Protection Commissioner.
It triggered an audit which required Facebook to disclose more user data and, importantly , to turn off its facial recognition feature in Europe.
The feature put forward suggestions when registered users could be tagged in photographs.
But the group does not think the changes go far enough.
"The Irish authority is miles away from other European data protection authorities in its understanding of the law, and failed to investigate many things. Facebook also gave the authority the run-around," it said in a statement.
It feels that the social network has failed to fully implement the changes.
Some 40,000 users have exercised their right to get a copy of all the data Facebook is holding on them but the group is unhappy about the tools the social network provides to users and is critical that, in 13 cases, the social network failed to meet the deadline for data delivery.
It is also questioning why facial recognition has only be deactivated for EU citizens given that Ireland is responsible for all users outside of the US and Canada.
In response Facebook issued a statement: "The way Facebook Ireland handles personal data has been subject to thorough review by the Irish Data Protection Commissioner over the past year. The two detailed reports produced by the DPC demonstrate that Facebook Ireland complies with European data protection principles and Irish law,
"Nonetheless we have some vocal critics who will never be happy whatever we do and whatever the DPC concludes," it said.
Facebook also faces a class-action lawsuit in the United States, where it is charged with violating privacy rights by publicising users' "likes" without giving them a way to opt out.
A judge gave preliminary approval for the case to be settled by paying users up to $10 (£6.20; 7.60 euros) each out of a settlement fund of $20m.
Meanwhile users are voting on whether they want proposed changes to privacy settings to go ahead. It could be the last user-generated vote on the network as Facebook is keen to scrap the system.
So far about 35,000 have voted. In order to change the plans, 30% of users - or 300 million - need to take part in the vote.