ITBA data-sharing agreement

Status: Reviewed (Phase B) — establishes the data-scope decision; the legal-form agreement (signed PDF) is a separate artifact owned by Sophia + Andrew + Raul Marino. Owner: Sophia (with Andrew advising; Raul Marino as ITBA counterpart) Last updated: 2026-05-12

Why this exists

ITBA Buenos Aires receives a twin hardware set on 2026-05-15 and will run parallel CV research on it. Round-1 design docs had inconsistent statements about what ITBA can see of the LBZF deployment — some implied aggregates only, others implied per-cycle data, and one referenced “raw frames” for cross-replication. Phase B closes that seam.

Two reasons it matters now:

LBZF operator consent is collected for the LBZF deployment (../../40-prototype/lbzf/privacy-consent-labor-law.md). The consent form does not authorize transfer of identifiable footage to a third-party institution in another country. ITBA receiving raw frames would extend the privacy posture beyond what operators agreed to.
ITBA’s own work runs at ITBA’s own facility, under Argentinian Law 25.326, with a different set of consenting subjects (ITBA-side workers, or no human subjects if their replication is purely synthetic). ITBA’s own data has its own legal regime; LBZF’s data has Colombia’s.

The cleanest line is therefore: ITBA does not receive identifiable LBZF data. ITBA receives aggregates only.

Data-scope decision (Phase I)

ITBA gets, from the LBZF deployment:

Tier	What	How
Allowed	Aggregated metrics at the module-day or module-week granularity (eficiencia %, cycle-count totals, uptime %) — same content as the monthly Mariana update	Shared via project Drive folder or `lbzfai-cv` repo aggregate CSVs
Allowed	De-identified evaluation summaries — Bland-Altman / Lin’s CCC summary statistics, failure-typing confusion-matrix counts, per-station MAE	Same; suitable for the joint paper if Option A authorship is chosen
Allowed	Pre-registered analysis scripts (`validate_v1.py`) and the COCO-format public-sample dataset (~100 frames, face-blurred, Mariana-approved) once released	GitHub `sophiamann/lbzfai-cv`
Not allowed	Personally identifiable information (operator names, employee IDs, the `Ref22 Slim - Angela.xlsx` roster, the `INDICADORES ABRIL.xlsx` per-operator data)	Stays LBZF-internal
Not allowed	Raw or recoverable frames containing identifiable LBZF operators, even if anonymization was attempted but not verified	Stays on the LBZF Jetson NVMe
Not allowed	Per-operator, per-cycle data at granularity finer than module-day, even pseudonymized — the Angela module’s ~22-operator headcount makes per-operator-day data re-identifiable per paper-plan anonymization rules	Stays LBZF-internal

Why this scope, not a permissive scope: the security posture set in ADR-001 (air-gap the camera VLAN, no Amcrest Cloud / P2P, block outbound 37777/80) treats the LBZF camera footage as a sensitive asset that does not leave the Jetson except via Tailscale-authenticated, named-purpose transfer initiated by Sophia or Andrew. Extending raw-frame access to ITBA would silently widen that perimeter to four PhDs in another country on a different tailnet tag (tag:itba-dev). The aggregates-only line keeps the perimeter where ADR-001 drew it.

ITBA’s own data — separate regime

ITBA’s twin-hardware replication produces ITBA-side data. That data:

Stays ITBA-internal by default.
Is governed by Argentinian Law 25.326 (not Colombian Ley 1581 / Decreto 1377).
Is shared back to the LBZF paper only if ITBA chooses Option A authorship per Q-110 (see paper-plan § ITBA’s role — three options) and only as aggregates / de-identified summaries unless ITBA negotiates a separate stronger sharing line with their own subjects.
ITBA’s institutional ethics review (or its absence) is ITBA’s responsibility; the LBZF paper cites ITBA’s posture by reference, not by inheriting it.

Reciprocity

A symmetric posture: ITBA shares back to Sophia what they choose to share, on the same aggregates-only default. The LBZF paper does not assume access to ITBA raw frames either. If a joint analysis needs more, both sides negotiate explicitly and re-paper consent on the relevant side(s).

What this does not cover

Authorship. Q-110 (ITBA Option A / B / C) is open; see paper-plan. Data scope and authorship are separable — the aggregates-only data scope is compatible with all three authorship options.
The legal-form data-sharing agreement (signed PDF between LBZF and ITBA, witnessed by Mariana / Raul Marino). That artifact follows this design doc; this doc is the policy spec it documents.
Phase II data scope. Phase II adds behavioral monitoring (phone, eating, talking, absence) which is materially more privacy-sensitive than cycle counting. Phase II re-papers consent on the LBZF side (privacy-consent-labor-law rollout, last row) and re-papers this data-sharing agreement on the ITBA side.

Open questions

OPEN: Named ITBA data-receiving contact (likely Raul Marino as PI). — Owner: Sophia + Andrew — By: 2026-05-15 BA handoff.
OPEN: Does ITBA have a faculty/institutional review process equivalent to an IRB for their replication work? — Owner: Sophia (via Raul) — By: 2026-06-15.
OPEN: Confirm with Mariana that the aggregates-only line matches her expectation of what “ITBA collaborates with us” means. — Owner: Sophia (via Armando) — By: before factory filming.
OPEN: Legal-form data-sharing agreement PDF drafted, signed, and stored in Drive. — Owner: Sophia + Andrew + Raul — By: 2026-06-30.

Cross-references

privacy-consent-labor-law — LBZF-side consent that bounds what can be shared at all
risk-register — R2 (privacy/labor-law) and R9 (authorship dispute)
paper-plan — Q-110 authorship options; data scope is decoupled from authorship choice
ethics-and-coi — paper-side ethics posture
reproducibility-and-artifacts — Tier-0 (public) vs Tier-1 (restricted, named collaborators incl. ITBA under NDA) vs Tier-2 (private to LBZF) — this doc is the Tier-1 access spec
ADR-001 (camera security posture) under docs/design/30-decisions/accepted/