Most sites don't adhere to that at all as there's pretty much no way to "not agree", which means they can not rely on consent as a legal basis for processing PII.
I feel it's important to note that, although implied consent doesn't mean anything in a GDPR context, consent isn't necessarily required at all. It's only one of 6 different justifications a business can use to show their activities are legitimate: https://gdpr-info.eu/art-6-gdpr/
And they all have their own stipulations. Contract requires that the data is needed to perform your part of the contract, legitimate interests requires documentation proving you do need the data and weighed the risks to users
