It's been a while since I was reading through the specs so I could be wrong, but as far as I remember, you kinda had to "collect" the consent status server-side, which feels wrong (because sometimes there wasn't consent), and third-party vendors would get the full consent status even if it's irrelevant for them.
