APEX-Agents · Law
World423_JS_07
APEX-Agents task World423_JS_07 in AI Agents for Privacy and GDPR Compliance. Compare dual-harness agent runs across models — rubric criteria, scores, and public traces.
Task prompt
What the agent was asked to do
Will Northstar be required to compensate affected data subjects under the General Data Protection Regulation ("GDPR") for the Data Analytics Module's (the "Module") unauthorized data transfer if the data transfer violated the GDPR? Please respond to me in here with a yes or no answer and a brief explanation.
Published trajectories
Agent runs on this task
Curated dual-harness runs (parsed + original sandbox). Best scored run per model.
| Model | Harness | Score | Result | Links |
|---|---|---|---|---|
| GPT-5.5showcase | dual | 1/2 | Fail | Share pagePublic trace |
| fireworks models Kimi K2 | dual | 1/2 | Fail | Share pagePublic trace |
| Gemini 3.1 Pro | dual | 1/2 | Fail | Share pagePublic trace |
| GPT-5.4 | dual | 1/2 | Fail | Share pagePublic trace |
| GPT-5.4 mini | dual | 1/2 | Fail | Share pagePublic trace |
| GPT-5.4 nano | dual | 0/2 | Fail | Share pagePublic trace |
Grading rubric
Criteria and grader verdict (showcase run)
States No, Northstar will not be required to compensate affected data subjects under the GDPR for the Data Analytics Module's unauthorized data transfer
PassEvidence: TEXT_RESPONSE says, “No — not automatically” and “Northstar would compensate only data subjects who can show compensable damage…; the violation alone does not require compensation.” Assessment: The criterion requires stating “No, Northstar will not be required to compensate affected data subjects…” This position is clearly conveyed, with qualification that compensation is only for proven damage. Pass.
States that any harm suffered by the data subjects from the Data Analytics Module's unauthorized data transfer is negligible
FailEvidence: TEXT_RESPONSE discusses Article 82 requiring “material or non-material damage” and says compensation is owed only where subjects “can show compensable damage.” Assessment: The criterion requires stating that harm suffered by data subjects is negligible. The response does not say or imply the harm is negligible; it focuses on the legal requirement of damage and causation. Fail.