I mean, sure, it really depends on who is providing the VPN. With Proton, you're already using them for your email, so if they were a bad actor, you're basically fucked already. If you have ProtonMail, then the choices are 1/ No VPN, so your ISP will collect this data, 2/ a popular VPN provide who will collect this data, or 3/ Proton who say they won't and they've already got you email too if they are liars. Option 3 is the lowest risk of event if they are good actor, but also the potential damage of an event, if they are bad actor, is much higher since they have more data including email based 2FA.
Like I said above, the best option is to not use technology at all. If you want to use it, you play the odds and attempt to limit nefarious activity against you.
What is the difference between the ISP knowing this and being a problem, but the VPN sitting with the exact same information, also knowing it?