But why? As far as I know there is no evidence of that? I use my own PGP key in Proton anyway.
Discussion
Maybe because of articles like this some have their doubts about the service.
That casts no doubt at all, and is exactly the same for any company around the world including Apple and others. If a legally binding court order is served on any company, they have to provide what they can provide.
The question is what they have, to provide e.g. in this case it was IP addresses, not the content of the mail. What most companies are trying to do, is to reduce what information they actually have.
What is way worse than this is legally binding acts like the US CLOUD Act where that extends into other countries, where it is done secretly, and especially where it is done without any due legal process (forget which company was still recently handing over private data at the mere request of police).
Still worse are companies like Facebook (from Cambridge Analytica) that are freely, or at profit, passing on user data, or having in their T&C for WhatsApp to freely pass all metadata upstream and out to advertisers.
ProtonMail could maybe do better to not log IP addresses (again it may depend on what their country's laws state) but they still sit at the top of the list of privacy respecting e-mail services.
I completely agree with you. In ProtonMail you also can set a separate password to encrypt the mailbox. I'm not sure if this is the equivalent of using a private PGP key. So you have the login and second layer for the mails. The law in Switzerland changed around two years ago but I don't know the details. I just remember that privacy advocates opposed it heavily but still went through.