Could GDPR Consent String Fraud Bring Down the Whole Ad Tech Ecosystem?

Thus, couldn’t it theoretically be the case that an ad tech vendor has consent from Google, and not the IAB, and then unwittingly shows a personalized ad that it shouldn’t, believing that it has consent from both? In other words, an ad tech vendor might just decide that consent from Google implies consent from the IAB. That might help to explain at least a few cases of consent string fraud that were never even imagined by the technical working groups of the IAB and Google. Source: