Sounds like an avoidable problem, that Proton didn't have a whole lot to fight it with. Obviously they could/should have fought it in court, but this could have been avoided if the individual simply didn't link a recovery email and/or didn't share the same email across Apple products + protesting. Although, the article does point out that if you sign up over Tor or a VPN it requires a verification email, which sucks- ~~though you could just use a temporary email address to get around it.~~ As CaptObvious pointed out (literally @[email protected] lmfao) the reporter pointed out Proton rejects temporary emails.

Key information:

The core of the controversy stems from Proton Mail providing the Spanish police with the recovery email address associated with the Proton Mail account of an individual

individual is suspected of being a member of the Mossos d’Esquadra (Catalonia’s police force) and of using their internal knowledge to assist the Democratic Tsunami movement.

Upon receiving the recovery email from Proton Mail, Spanish authorities further requested Apple to provide additional details linked to that email, leading to the identification of the individual.

This case is particularly noteworthy because [...] complex interplay between technology firms, user privacy, and law enforcement.

requests were made under the guise of anti-terrorism laws

primary activities of the Democratic Tsunami involving protests and roadblocks

Proton Mail’s compliance with these requests is bound by Swiss law

Comment from Proton:

We are aware of the Spanish terrorism case involving alleged threats to the King of Spain, but as a general rule we do not comment on specific cases. Proton has minimal user information, as illustrated by the fact that in this case data obtained from Apple was used to identify the terrorism suspect. Proton provides privacy by default and not anonymity by default because anonymity requires certain user actions to ensure proper OpSec, such as not adding your Apple account as an optional recovery method. Note, Proton does not require adding a recovery address as this information can in theory be turned over under Swiss court order, as terrorism is against the law in Switzerland.

nothing I read about this group on Wikipedia points to terrorism, it repeatedly says they advocate nonviolence
I guess these days though it's become some kind of magic password to get whatever the hell you want

The requests were made under the guise of anti-terrorism laws

Remember this the next time someone in government says "We need tough anti-terrorism laws". They also get to define what counts as terrorism, so anyone inconvenient can be destroyed and the public told "We're just keeping you safe from terrorism."

Nothing they can do about that.

I do not understand why people continue to trust Proton. They seem no better than Gmail from where I sit.

Obviously they have user data that be shared. I can't even remove my card details (burner) when everything is paid for.

But I wonder They got the recovery email and requested a new password for proton.. another reminder to set 2FA