Very responsibly done! The issue was not that they had to share the logs with law enforcement, the issue was that marketing message was incorrect from them. This is a responsible step.
Consumers relied upon ProtonMail's prominent and concise marketing claim. Consumers who signed up for the service are now in jeopardy, perhaps facing real [legal] injury based on reasonable expectation of not having their IP logged.
The privacy-centric nature of this abuse is unlikely to result in a class-action-type of response, but Caveat Emptor abuses can be dealt with by the marketplace, too.
Here are some ideas: Proactive compensation, an apology letter, hosting an AMA live stream, and a postmortem on how this misleading messaging made it out in the first place.
I don't think you can get damages for what might happen in the future, only for real damages and probably only this activist that had his IP disclosed can prove damages.
Probably the best you could hope for would be to get out of a long term contract "I paid for a 2 year term based on promises that weren't true"
Otherwise, your best recourse to prevent your IP from being disclosed in the future is to find a provider that won't disclose it under any circumstances (probably not possible), or hide your IP yourself.
The fact that the messaging was there to begin with is the issue. People assume tech companies are immune from the law based on make believe claims that their ideals allow them to circumvent it.
The privacy-centric nature of this abuse is unlikely to result in a class-action-type of response, but Caveat Emptor abuses can be dealt with by the marketplace, too.