The parties to the contract are presumably Cloudflare and Mozilla, since that page keeps mentioning their "agreement with Firefox" and "agreement with Mozilla". Therefore Mozilla can enforce it. As for costs to breach, that would be determined by a judge or jury based on damages suffered by Mozilla. Depends to some extent on the actual text of the contract, which hasn't been published.
That's the main mechanism for enforcement, but there are a few additional ways it could theoretically be enforced:
- The FTC and state attorneys general can sue companies for violations of their own privacy policies, as "unfair and deceptive acts and practices". For example, they sued Cambridge Analytica recently. [1]
- The California attorney general in particular would also be able to sue under the California Consumer Privacy Act once it goes into force.
- As for ways for individual consumer to sue... well, it's more difficult, but possible. For instance, a class action suit against Facebook on a grab bag of claims, also related to Cambridge Analytica, recently survived a motion to dismiss. Among other things, the judge held that users could sue for breach of contract if Facebook violated its privacy policy. [2]
That link isn't very reassuring. Who are parties to the contract? Who can enforce it? What does it cost to breach?