It’s a functional cookie, I’m fairly certain those are just blanket allowed by e.g., GDPR
Besides, it’s a first-party Proton cookie that only shows what affiliate link was used (and one of the two expires at the end of the session, even.) and it should be isolated per site like basically any other first-party cookie unless Proton has an ad network and lets other people embed their stuff now like the facebook button and so on