> My thinking is that if a data protection office did not fine Meta or Bytedance in a given year, heads would roll. It's a revenue collection device

Not sure which field you work in, but this is already in contradiction with the fact that those companies aren't simply fined spontaneously.

The fine is the outcome of an investigation that started with an inquiry to the company, possibly based on a complaint.

In case of the 1.2bn EUR fine for Meta, the process took YEARS of investigation [0], and the company was fined because the GDPR-violating transfers were "systematic, repetitive and continuous"

[0] https://www.edpb.europa.eu/our-work-tools/consistency-findin...