Not exactly the best article. Proton complied with a lawful Swiss request. Their ToS clearly state what they can provide if requests are lawful.

The Proton user had bad opsec by using a credit card to pay for the account.

Had Proton just turned data over to an out of jurisdiction LEA, then it's more of a complaint. But they followed their policy and law here.

Proton offers a Tor address for accounts requiring anonymity rather than just privacy. The crux of this is on the account user