Non-compliance with consumer privacy laws can result in significant penalties. Under GDPR, fines can reach up to €20 million or 4% of the annual global turnover, whichever is higher. The CAN-SPAM Act can impose penalties of up to $43,792 per email violation. CASL fines can be as high as $1 million for individuals and $10 million for businesses.