-> When consent has been given by a user, then we should track the requests, even if this user has previously opted-out.
&consent=1to all Tracking API requests that were consented.
&consent=1was not set.
This makes only sense though when Matomo users are aware to not embed the opt out iframe when using the consent feature. If the Matomo user / website owner is not aware that they are mutually exclusive, then an opted out user would not expect to be tracked.
The safe solution that respects the privacy of users more be to never track when the user has opted out. (This is the current implementation).