Raycaster / evalsBack to AI Agents for Privacy and GDPR Compliance

APEX-Agents · Law

World423_JS_08

0/2Fail

APEX-Agents task World423_JS_08 in AI Agents for Privacy and GDPR Compliance. Compare dual-harness agent runs across models — rubric criteria, scores, and public traces.

AI Agents for Privacy and GDPR ComplianceLaw World 423Dual harnessGrader: rubric
task_25e49967231547cab553ed451d6fa338
Law World 423
message_in_console
7 models · dual config

Task prompt

What the agent was asked to do

Determine if Northstar can be fined under Article 83 of the General Data Protection Regulation ("GDPR") for a violation of Article 14(2)(e) of the GDPR for the data transfer from the Data Analytics Module (the "Module") if there is a finding that BlueQuill did not process personal data when it received the data from the Module. Please provide a yes or no answer to me here as a message, with a brief explanation.

Published trajectories

Agent runs on this task

Curated dual-harness runs (parsed + original sandbox). Best scored run per model.

ModelHarnessScoreResultLinks
GPT-5.5showcasedual0/2Fail
fireworks models Kimi K2dual0/2Fail
Gemini 3 Flashdual2/2Pass
Gemini 3.1 Produal0/2Fail
GPT-5.4dual2/2Pass
GPT-5.4 minidual1/2Fail
GPT-5.4 nanodual1/2Fail

Grading rubric

Criteria and grader verdict (showcase run)

  1. States Yes, Northstar can be fined under Article 83 of the General Data Protection Regulation ("GDPR") for a violation of Article 14(2)(e) of the GDPR for the data transfer from the Data Analytics Module (the "Module") if there is a finding that BlueQuill did not process personal data when it received the data from the Module

    Fail

    Evidence: <TEXT_RESPONSE> begins “**No** — not for that transfer-notice theory” and says a finding that BlueQuill did not process personal data “should defeat an Article 83 fine.” Assessment: The criterion requires stating “Yes, Northstar can be fined...” The response states the opposite, so this fails.

  2. States that the data transmitted by Northstar via the Data Analytics Module contained pseudonymized personal data

    Fail

    Evidence: <TEXT_RESPONSE> refers only to “the Module data” and reasons that if BlueQuill did not process personal data, it “should not be treated as a recipient of personal data.” Assessment: The criterion requires stating that the data transmitted by Northstar via the Module contained pseudonymized personal data. The response does not state this and instead frames the data as not personal data for BlueQuill, so this fails.