What types of user data has Proton publicly disclosed in past transparency reports or court-ordered cases?
Executive summary
Proton publicly says it collects minimal user data and will only disclose what it legally must, but transparency reports and media cases show that the company has turned over limited account metadata — most notably IP addresses, recovery or associated email addresses, and other account-identifying metadata — while insisting it cannot decrypt email contents or hand over VPN session logs it does not retain [1] [2] [3]. Independent reporting and Proton’s own transparency summaries illustrate a tension: strong cryptographic protections for content coexist with legal compliance that has produced actionable metadata in specific investigations [2] [4].
1. Proton’s published baseline: “we collect as little as possible” — and what that means legally
Proton’s privacy policy emphasizes minimal collection and the use of cryptographic hashing for any permanently stored values, and it states explicitly that Proton will disclose only the limited user data it possesses when legally compelled by Swiss authorities [1]. The transparency report repeats that Swiss law can require Proton to hand over certain user information, but also stresses that email contents, attachments and files are end-to-end encrypted and therefore unreadable to Proton, and that Proton “rejects all requests from foreign authorities” unless handled through Swiss mutual-legal-assistance procedures [2] [5].
2. What Proton says it cannot provide: encrypted content and VPN session logs
Proton’s public materials assert an inability to comply with requests for user activity logs for Proton VPN because those logs are not kept, a claim tested and cited in past legal cases where Proton could not produce VPN session metadata it never stored [3]. Proton also states that it has no means to decrypt stored email content and therefore cannot hand over message bodies or attachments even under order [2] [5].
3. What has been disclosed in practice: metadata that identifies accounts
Public reporting and community discussion about specific cases show that the kinds of user data Proton has disclosed in response to lawful orders are limited metadata elements capable of identifying an account: notably IP addresses associated with account activity and recovery or associated email addresses tied to accounts [4] [6] [7]. In high-profile law-enforcement cases—including reporting about a Spanish terrorism investigation—Proton admitted to providing a recovery email address to authorities, and external providers (Apple) then supplied additional data that led to identification and arrest, illustrating how small metadata disclosures can be multiplied by cross‑company cooperation [8] [7].
4. Scope and scale: large numbers of legal requests, but limited data types
Reporting and commentary have highlighted Proton’s disclosure volume — for example, a cited figure of 5,957 data requests in 2022 — which critics use to argue that Swiss jurisdiction is not an absolute shield [6]. Proton’s transparency materials, however, present those statistics alongside the caveat that what it can disclose is “limited” and that in many VPN-related cases it cannot produce server‑connection logs that were never retained [2] [3].
5. The practical takeaway and reporting limits
Taken together, the public record in Proton’s policy, transparency statements and media coverage shows a consistent pattern: Proton discloses limited, non‑content metadata (IP addresses, recovery/associated email addresses and similar account identifiers) when compelled through Swiss legal processes, while maintaining it cannot access or hand over encrypted email contents or VPN session logs that it does not keep [1] [2] [3] [4]. The sources provided do not offer a complete, itemized list of every field ever disclosed across all cases, so this account is limited to the categories explicitly discussed in Proton’s documents and public reporting [1] [2] [4] [6].