Specification
Overview
What PCHP is, who it is for, and the one idea it standardizes: consent on every read of personal data.
PCHP (Personal Consent Handshake Protocol) is an open standard for sharing personal data between a person, the agents that work for them, and the humans and machines they choose to trust — with consent and control built into every single transaction.
Think of PCHP as a signed receipt and a revocable key attached to every share of your data. Before anything private moves, a handshake happens: the requester says exactly what they want and why, the owner approves (or declines) with a real credential, a scoped and time-boxed key is issued, the data moves inside a sealed envelope, and every step is written to a log the owner can read. When the owner revokes, the key dies.
This specification defines the authoritative protocol requirements. The key words MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD, SHOULD NOT, RECOMMENDED, MAY, and OPTIONAL are to be interpreted as described in BCP 14 (RFC 2119, RFC 8174) when, and only when, they appear in all capitals.
What PCHP enables
Working backwards from the person and the job they are trying to get done:
- Share your financial health in seconds, not weeks. Give your CPA, tax preparer, lawyer, auditor, or banker exactly the data they need — a scoped, time-boxed, revocable read — instead of emailing statements and losing track of who has what.
- Let your agent act for you, safely. An agent (yours or one you have delegated to) can request, hold, and use a consent grant on your behalf, and you retain complete visibility and a kill switch.
- Be the owner, always. The owner is a human, or a machine that human governs. Ownership means visibility into every action and the ability to revoke it.
- Prove it happened. Every grant, every read, every revocation is an event in a transparency log the owner can audit.
Why PCHP matters, by who you are
- Owners (individuals): your personal data stops leaking into inboxes and portals. Every share is consented, scoped, logged, and revocable.
- Agents: a standard way to ask for and hold consent, so an agent can be a genuinely useful super-assistant without becoming a liability.
- Requesters (CPAs, banks, apps, auditors): a standard way to ask for exactly what you need and receive it in a verifiable, least-privilege envelope — with a receipt that stands up to compliance review.
- Developers: build once against an open protocol; integrate everywhere it is honored.
Adjacent standards (what PCHP is not)
PCHP is deliberately narrow. It is the consent handshake layer, and it composes with the standards below rather than replacing them:
- It is not OAuth. OAuth authorizes an application against a provider; PCHP obtains a person's consent for a specific read of their own data and issues a receipt for it. PCHP uses OAuth-family primitives where useful.
- It is not OpenID. Identity/authentication is an input to the handshake, not the handshake.
- It is not DRM. PCHP protects the owner's control over their data, not a vendor's control over the owner.
If MCP is a standardized way to connect AI applications to tools and context, PCHP is the standardized way to connect a person's private data to the humans and agents they trust — with consent as the protocol, not a checkbox.