You're not wrong, but that setup is mostly ineffective against large foreign outfits. They have the ability to dodge and jamm proceedings to the extent that they could continue to profit while the UK is the most inconvenienced. All actions by the UK will require great effort and expense, the counters will not.
Similar idea to the time that Microsoft got fined a million-per-day and Bill just asked if cash would be acceptable. If the net result is still a profit, then the judgment just becomes a tax. If Facebook has to pull out of the UK physically, that would mean a loss of jobs and marketing for UK, but very little loss for Facebook as UK public connects to their american servers.
It's a game that Zuckerberg is well equipped to play, and where politicians are way out of their realm. If they were surprised at his moves so far, he's going to shake them off real easy.
The US congress seems a little more capable in handling them. Facebook is based off American soil, and their politicians are used to dealing with this type of shark.
If the UK really wants to hurt him, don't ask the government to do it. They have failed you all the way to this point, and they will continue that trend. It's that expectation that someone at the top is looking out for them, that landed everyone in this problem. People at the top got to the top by not letting the welfare of others slow them down.
Deleting Facebook. That's what is hurting him, and it's the only thing that will.
I believe Facebook could be fined up to £17m for each mishandling of UK citizens data. We have laws in the UK and the EU surrounding the transfer of user data to foreign countries and how it should be handled/what you can do with the data. It used to be that in a case of a security breach, for example, companies could be fined up to £500,000 by the Information Commissioner. However, we recently changed these laws, I may have posted about it here a while ago. Companies can now be fined 4% of their global turnover, with a £17m cap for each instance of mishandling user info, or even just being hacked and inadvertently disclosing the data of UK citizens if they are found to have slacked on security.
So whilst Facebook is not a UK company, they are certainly not bulletproof when it comes to stuff that affects UK citizens. I don't know what the process is for actually fining a foreign company in this way, but I assume it is a possibility otherwise we wouldn't have the laws.