You've hit the nail on the head. A company is only subject to UK law if it operates from the UK. Facebook's European office is in Dublin, which is why it is subject to Irish/EU privacy legislation.When Twitter establishes its European office, it will similarly become subject to the same laws.
As far as I know, Klout has no UK/EU presence so it's not subject to these laws.
As you can see, it sets out a long range of situations where UK jurisdiction extends outside the UK, in many cases even if the criminal behavior happened entirely outside of the UK.
I'm not a lawyer, and I don't know all the details and whether or not it'd be likely to be possible to get a court in the UK to accept jurisdiction in a case against Klout, but courts in the UK have a lot of flexibility and the fact that they are in the US by no means automatically means UK courts won't or can't claim jurisdiction.
I don't believe so. If I walk into a store in New York and tell them I'm from the UK, they won't suddenly become subject to UK/EU law if they choose to serve me. I'm the one subjecting myself to US law if I shop there, not vice versa.
Further, even if they were subject to EU law on this, how would any action for a breach be enforced?
As far as I know, Klout has no UK/EU presence so it's not subject to these laws.