The report just says he's asking for browsing activity off Facebook. It's not clear whether he also has a FB account or whether he's a non-account holding innocent bystander.
It doesn't matter.
(And that's questionable at the start) or if they use .js from FB which has nothing to do with the cookies.
So the UK has every right to go after them.
If he is an account holder, then under the GDPR they have to detail what details they collect and how they use it so that the user/punter/shill has the option to 'opt-in' giving them an informed consent to track him.
That's not so clear therefore it too is against the law.
Either way you cook it... its still tainted meat and you will get sick. ;-)