It’s different depending on where you live.
Individuals on facebook are responsible for their own personal password security.
This user should contact the facebook fraud department and make a request.
If the individual believes that you have accessed their account when you were not authorized, they would have to get a lawyer and prove it in a court of law. Not an easy thing to prove without ISP and data centre hosting logs.
It really comes down to capital and if the person is upset enough to dump loads of cash into fighting you over it. The police have very little jurisdiction on the internet and can basically make nice requests that individuals stop what they’re doing. That seems to be changing though.
Further, internet providers very rarely hand out personal information unless a warrant is presented by the police. Make the police prove they have the evidence to backup their claims by showing you record of the warrant used to gather your information. Don’t get bullied into admitting something you didn’t do. The judge has the final say.
When all else fails, force them to prove that you were the invidiual sitting at this comptuer at this time of day. Even with IP addresses it may have been another individual in your house using your internet. I would start researching piracy cases in your country. Specifically the ones where the case was thrown out to see what happened.