Suppose one had a facebook pixel tags set up on google tag manager, and they are firing with google consent mode, meaning, if people refuse the cookies, a cookieless ping will be sent (for instance) facebook, and then facebook will be able to track clicks and so on.
Assuming the web site operator, who is the data controller, was relying on the "consent" legitimate purpose, would they be required to obtain consent from the user to allow this behaviour on their web site?