APEX-Agents · Law
World423_JS_08
APEX-Agents task World423_JS_08 in AI Agents for Privacy and GDPR Compliance. Compare dual-harness agent runs across models — rubric criteria, scores, and public traces.
Task prompt
What the agent was asked to do
Determine if Northstar can be fined under Article 83 of the General Data Protection Regulation ("GDPR") for a violation of Article 14(2)(e) of the GDPR for the data transfer from the Data Analytics Module (the "Module") if there is a finding that BlueQuill did not process personal data when it received the data from the Module. Please provide a yes or no answer to me here as a message, with a brief explanation.
Published trajectories
Agent runs on this task
Curated dual-harness runs (parsed + original sandbox). Best scored run per model.
| Model | Harness | Score | Result | Links |
|---|---|---|---|---|
| GPT-5.5showcase | dual | 0/2 | Fail | Share pagePublic trace |
| fireworks models Kimi K2 | dual | 0/2 | Fail | Share pagePublic trace |
| Gemini 3 Flash | dual | 2/2 | Pass | Share pagePublic trace |
| Gemini 3.1 Pro | dual | 0/2 | Fail | Share pagePublic trace |
| GPT-5.4 | dual | 2/2 | Pass | Share pagePublic trace |
| GPT-5.4 mini | dual | 1/2 | Fail | Share pagePublic trace |
| GPT-5.4 nano | dual | 1/2 | Fail | Share pagePublic trace |
Grading rubric
Criteria and grader verdict (showcase run)
States Yes, Northstar can be fined under Article 83 of the General Data Protection Regulation ("GDPR") for a violation of Article 14(2)(e) of the GDPR for the data transfer from the Data Analytics Module (the "Module") if there is a finding that BlueQuill did not process personal data when it received the data from the Module
FailEvidence: <TEXT_RESPONSE> begins “**No** — not for that transfer-notice theory” and says a finding that BlueQuill did not process personal data “should defeat an Article 83 fine.” Assessment: The criterion requires stating “Yes, Northstar can be fined...” The response states the opposite, so this fails.
States that the data transmitted by Northstar via the Data Analytics Module contained pseudonymized personal data
FailEvidence: <TEXT_RESPONSE> refers only to “the Module data” and reasons that if BlueQuill did not process personal data, it “should not be treated as a recipient of personal data.” Assessment: The criterion requires stating that the data transmitted by Northstar via the Module contained pseudonymized personal data. The response does not state this and instead frames the data as not personal data for BlueQuill, so this fails.