Maybe I read a different text than you but I have yet to encounter a scenario in which a user would consent to processing that the law still would not allow. Assuming the consent was gathered according to the basic principles of GDPR, fair, transparent, specific etc.

Maybe I am missing something. Would you provide examples? I would be very glad to learn if there are edge cases I may be overlooking.