According to the GDPR even an IP address needs consent, and those are inherently transmitted when loading a third-party library regardless of cookies. Given that social media sharing isn’t a necessary function of the website, they should be asking for consent before loading the libraries, or just using a locally-hosted icon pointing to a sharing link, so that the target social network gets the data only when the button is actually clicked.