Norway, Sweden, Denmark, UK

When your former founder takes the database

by Thomas Hagen

Published:

Computer

Background

The case arose from a classic competitive tension: A serial entrepreneur sells a company he founded, waits out his non-compete obligations, and then re-enters the same market with a new venture. The complication was that he took the old company's data with him.

Geir Atle Rosenborg founded Fiberworks AS in the early 1990s, building it into a supplier of third-party transceivers and fibre-optic components. In 2017, he sold Fiberworks to Swedish investment company Sorb Industri AB for approximately NOK 144 million. He remained as CEO until the end of 2018 and worked as a consultant for Fiberworks through 2021. His non-compete obligations under the shareholder agreement expired on 6 May 2023.

After fully divesting in spring 2022, Rosenborg began planning a competing e-commerce business. In December 2022 — still roughly six months before his non-compete expired — he transferred three Excel files from his personal computer to Multicase, an e-commerce platform provider, to assist in setting up the new venture. The three files contained:

  • Fiberworks' product list: 9,313 products with item numbers, technical descriptions, and attributes;
     
    • Fiberworks' customer list: Contact information for approximately 5,500 customers; and
       
    • Fiberworks' supplier list: Names, addresses, contact details, and payment terms for 41 suppliers.
       

Rosenborg's new company, Globalfiber AS, launched in September 2023. One month later, a marketing email was sent to all 5,500 contacts on Fiberworks' customer list, an act a third-party consultant attributed to her own mistake. After receiving a cease-and-desist letter from Fiberworks, Globalfiber deleted the lists and built a new customer database of approximately 400 contacts from its own sources.

Fiberworks and Sorb brought proceedings in 2024. The District Court found limited infringement and awarded NOK 200,000. Both sides appealed. The Court of Appeal issued its judgment on 10 June 2026.

Three lists, three different outcomes

The product list: Database protection, but only for the import

The Court of Appeal confirmed that the product list was protected as a database under the Norwegian Copyright Act section 24, which implements the EU Database Directive (96/9/EC). The key requirement is that the database must be the result of a "substantial investment" in the collection, verification, or presentation of its contents. Investments in creating new data do not count, only those in gathering existing data.

The Court of Appeal applied the EU Court of Justice's established distinction from the Fixtures and William Hill cases: Because the products on the list (optical transceivers and related components) were generic articles already existing in the market, with their own industry-standard item numbers, Fiberworks' effort in identifying, selecting, and organising over 9,000 products over more than a decade constituted collecting existing data, not creating it. That effort was a sufficient substantial investment.

Rosenborg attempted to undercut the investment argument by demonstrating in court, using video footage, how quickly a comparable database could be assembled today with the assistance of AI. The Court of Appeal acknowledged the demonstration but dismissed its relevance: The question is whether Fiberworks' list was the product of a substantial investment at the time it was created, not what it would cost to replicate it today.

The infringement, however, was narrower than Fiberworks had argued. The Court of Appeal found that Rosenborg's import of the list into the Multicase system in December 2022 constituted unlawful "extraction" from the database. "Reuse", however, additionally requires that a substantial part of the database be made publicly available. By the time Globalfiber's online shop launched in September 2023, only approximately 500 of the original 9,313 products remained in the system — the rest had been substantially modified or replaced. Applying both the quantitative and qualitative tests from C-203/02 William Hill, this was too small a portion to constitute "reuse" of a "substantial part" of the database. Accordingly, the infringement was limited to the December 2022 import, not the commercial launch.

The Court of Appeal also declined to find that the product list was protected as a trade secret. Because the products were generic articles publicly available from many suppliers, and all were listed on Fiberworks' own website, the list lacked the necessary secret character under the Trade Secrets Act section 2 (1) letter a.

The customer list: Trade secret protection

The customer list received no database protection, the Court of Appeal found no evidence that accumulating 5,500 contact names and email addresses over the years had required any material investment beyond routine commercial activity. However, the list was clearly protected as a trade secret under the Trade Secrets Act.

The Court of Appeal assessed the three cumulative conditions under the Trade Secrets Act Section 2:

  • Secrecy: Although individual customer identities might be publicly known, the complete customer picture, who Fiberworks' full customer base was, was not generally known or easily accessible to competitors. The fact that individual entries within the list might be identifiable did not destroy the list's aggregate secrecy.
     
    • Commercial value: There was no doubt that a comprehensive, ready-to-use customer contact database carries significant commercial value. A witness estimated that building an equivalent list through proper marketing and consent-gathering under the Marketing Control Act would take over 34 months and cost approximately NOK 1.9 million.
       
    • Reasonable protective measures: Only Fiberworks employees had access to the list. The Court of Appeal found that requiring confidentiality — enforced through a duty of loyalty rather than technical access controls — was reasonable given the nature of the business.
       

On the infringement side, the Court of Appeal identified three separate acts: 

  1. retaining the customer list after ceasing work for Fiberworks in 2021;
    1. importing it into Multicase in December 2022; and
      1. using it to send the October 2023 mass marketing email. 
         

The Court of Appeal expressly noted that retention alone, "taking the list away", was an infringement under of the Trade Secrets Act section 3 (1) letter a, independently of any subsequent use.

The Court of Appeal also addressed the "ordinary skills" carve-out in the Trade Secrets Act section 2 (2), which provides that general experience and skills acquired during employment are not trade secrets. Rosenborg argued that his personal knowledge of the customer base was simply professional expertise he had built over decades. The Court of Appeal accepted that he was entitled to rely on his memory of individual customers in building his new venture. However, the key distinction lies in physical concreteness: The preparatory works to the Act confirm that information which can be concretised and stored on an external medium falls outside the carve-out, even if not actually stored but only held in employees' heads. The organised list, which could be concretely identified and stored on an external medium, therefore fell outside the carve-out and remained protected.

The supplier list: No protection

The supplier list fared differently. The Court of Appeal reversed the District Court on this point and found that Fiberworks had not demonstrated that the identities of its 41 suppliers had any commercial value as a secret. The relevant market consisted of generic, commoditised products supplied by many manufacturers, primarily in China, and there was nothing particularly sensitive about which of those manufacturers Fiberworks had chosen. The Court of Appeal further noted that Rosenborg himself had strong personal relationships with many of the key suppliers and had been the one to source them for Fiberworks in the first place. The supplier list was neither a protectable database nor a trade secret. 

The Court of Appeal also found no violation of the Marketing Control Act section 25: There was no unlawful exploitation of a competitor's efforts beyond what the trade secret and database regimes already addressed, and there was no sufficient evidence that the list as such had been used or exploited in any material way.

No injunction: No existing legal interest in the order

Despite finding infringement of both the product list and the customer list, the Court of Appeal denied Fiberworks' request for an injunction. The legal requirement for an injunction under both the Copyright Act and the Trade Secrets Act is that the claimant must have an existing legal interest in the order, meaning that the infringement must be ongoing or that there is a real risk of repetition.

That condition was not met. Globalfiber had ceased using Fiberworks' product list and had substantially transformed its product portfolio. The customer list had been deleted, and Globalfiber had built a new list from its own sources. There was no evidence that either list would be used again. In these circumstances, the past infringement did not justify a forward-looking injunction.

No damages: Causation was the stumbling block

Fiberworks claimed damages running to several million Norwegian kroner, arguing that Globalfiber's competitive presence had forced Fiberworks to forgo a planned 10 % price increase in 2024, and had caused a significant drop in sales. The Court of Appeal rejected the claim in its entirety.

The damages analysis required asking: How would Fiberworks have fared in a counterfactual world where the infringements had not occurred? Following HR-2021-967-A, the burden of proof on the uncertainty attaching to that counterfactual rests on the tortfeasor, not the claimant. The Court of Appeal found that Globalfiber's ability to enter the market and survive was driven overwhelmingly by factors unrelated to the misappropriated data, namely, Rosenborg's decades of industry expertise, his personal relationships with customers and suppliers, and his ability to recruit former Fiberworks staff. Even without the Excel files, Globalfiber would in all likelihood have launched at the same time and been equally competitive.

On the product list, the Court of Appeal noted that the actual commercial use of Fiberworks' data at launch was minimal, only around 500 items overlapped, and that the October 2023 marketing email to the full customer list had generated no sales at all (a large percentage of the emails bounced, and Globalfiber's revenues only began to grow a full year later).

Compensation: A notional licence fee

Although full damages were denied, the Court of Appeal awarded compensation on the basis of a notional reasonable licence fee, the amount Globalfiber would hypothetically have paid for lawful use of the data.

For the product list, the Court of Appeal assessed a base fee of NOK 50,000, the estimated cost in early 2023 of hiring a consultant to compile a comparable product database, and then doubled that amount to NOK 100,000 pursuant to the Copyright Act section 81 (2). That provision requires the infringer to pay double the reasonable licence fee where the infringement was intentional, unless doubling would be inequitable. The legislative materials describe the equitable reservation as a narrow safety valve: double payment is the clear main rule where intent is established, not an exception. As Rosenborg's import of the database was clearly deliberate, the doubling applied.

For the customer list, the Court also assessed NOK 100,000, taking into account the effort required to compile such a list through legitimate means, even acknowledging that Rosenborg's personal knowledge of the customer base would have significantly shortened the process. The Trade Secrets Act contains no equivalent doubling provision, but the overall compensation was calibrated to reflect the scope of the unlawful use.

Total compensation: NOK 200,000, a fraction of the millions claimed.

Do you have any questions?