“Need” is a very strong word. Any potential fines will just be rolled into the costs of doing business, and if it’s found to still be worth it they’ll keep abusing user privacy as there is a net benefit profit-wise.
From personal experience, businesses I've dealt with in the EU are eager to be compliant as long as it's applied across the board (i.e., they aren't losing their competitive advantage).
At least in the EU, you'll need express consent to do this.