When a 3rd party dApp wants to access the user's identity data, it must make a request to the MCP client and get the user authorization before it gets the data. The Litentry blockchain will only allow returning identity data to the identity owner, it is up to the user to decide whether to give the data to a 3rd party.