that’s not true in the EU.
the reason those cookie banners are everywhere, for example, is because the EU requires explicit consent for a lot of things that used to be covered by ToS.
simply putting clauses into your ToS doesn’t shield the company from legal action at all.
regardless of what’s written in the ToS, final say over what is and isn’t legal lies with local authorities, not YouTube.
Here is a guide from a publisher trade group on the implementation of ad block detectors under gdpr.
It says that listing the use in your ToS is a defensible strategy but could have some risk. If the organization wants to further limit risk, they can add a consent banner, consent wall, or both.
My guess is Google is the risk accepting type on this issue and it’s willing to litigate to argue that its ToS is sufficient or the way they implement it differs from cookies. Either way, they could completely make this go away by asking a consent for ad delivery to their cookie notice.