Proton Mail Shared User Payment Data With the FBI Via Swiss Authorities

Privacy-focused email provider handed over account metadata after Swiss government request, raising questions about the limits of encrypted services

Zotpaper•Friday 20 March 2026 at 10:02 pm•2 min read

Proton Mail, the Swiss encrypted email service marketed as a privacy-first alternative to Gmail, provided subscriber payment metadata to Swiss authorities who then passed it to the FBI, according to a report from 404 Media. The disclosure highlights the gap between what privacy-focused services promise and what they can deliver when faced with lawful government requests.

The information shared was metadata rather than email content — specifically payment information tied to a particular Proton Mail account. While the contents of emails remain protected by end-to-end encryption, billing records, IP addresses logged during account creation, and payment details fall outside that protection.

Security researcher Bruce Schneier noted that this kind of disclosure is not unusual, even for privacy-centric companies like Proton Mail. Swiss law requires companies to comply with lawful data requests from Swiss authorities, who can then share information with foreign governments under mutual legal assistance treaties.

Proton Mail has faced similar scrutiny before. In 2021, the company provided IP address information to French authorities investigating climate activists, prompting the company to modify its privacy policy to be more transparent about its legal obligations.

Analysis

Why This Matters

Millions of users choose Proton Mail specifically because they believe it offers stronger privacy guarantees than mainstream email providers. This case demonstrates that while message content remains encrypted, the metadata surrounding accounts — who paid, when, and how — remains accessible to authorities.

Background

Proton Mail operates under Swiss jurisdiction and markets itself as being outside the reach of US and EU surveillance. However, Switzerland participates in international legal cooperation frameworks that can compel data disclosure.

Key Perspectives

Privacy advocates argue that metadata can be just as revealing as content, enabling authorities to identify anonymous users without ever reading their emails. Proton maintains that it complies only with lawful Swiss court orders and cannot access encrypted message content.

What to Watch

Whether this disclosure prompts a user migration to even more decentralised communication tools, and how Proton Mail responds to the renewed scrutiny of its privacy claims.

Sources

Proton Mail Shared User Information with the Police