by halflings 3550 days ago
Sure, there are some trust issues, but just regarding your two first points:

A very limited number of Google employees have access to private user data (only when it's vital to their work) and they have strict policies in place (data does not leave the data centers etc.). Which third parties are you referring to? As far as I know, Google does not give their users' private data to a third party.

Lots of references to a user's private data - but what is private? Is my zipcode, gender, and birthdate private? Those three factors can be used to uniquely identify greater than 80% of the US population. Are the GPS locations I visit private? If so, why does information about them show up on lock screens?

Third parties get my voice recordings for "improving the voice recognition service" - what if my name is mentioned in the background of one of those recordings? What if I'm not a savvy user and add private data to those recordings?

You're also talking about what's in place today. If I give Google my data, that data is probably going to stay with Google as long as they are a business (and potentially after, if Google were ever liquidated and their assets sold off). What measures are in place to protect me then?
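The zipcode/gender/birthdate point in the comment above is a quasi-identifier argument. As an added editorial example (not part of the thread, and not anyone's real data), here is a small k-anonymity check over a constructed set of records: it measures what fraction of records are uniquely pinned down by those three fields, and what the guarantee becomes when the fields are coarsened to a 3-digit ZIP prefix and a birth year. The record values and the helper names are assumptions made for the illustration.

```python
from collections import Counter

# Constructed sample records (hypothetical people, not real data).
# Each tuple is (zipcode, gender, birthdate as YYYY-MM-DD).
RECORDS = [
    ("02139", "F", "1985-03-12"),
    ("02139", "F", "1985-03-12"),   # shares all three fields with the record above
    ("02139", "M", "1985-03-12"),
    ("02138", "F", "1990-07-04"),
    ("02139", "F", "1985-11-30"),
    ("94110", "M", "1972-01-15"),
    ("94110", "M", "1972-01-16"),
    ("02138", "F", "1990-07-04"),
    ("02140", "M", "1985-09-01"),
]


def quasi_identifier(record, zip_digits=5, birth_precision="day"):
    """Project a record onto its quasi-identifier at the chosen granularity.

    zip_digits: how many leading ZIP digits to keep (5 = full ZIP, 3 = area).
    birth_precision: "day" keeps the full date, "year" keeps only YYYY.
    """
    zipcode, gender, birthdate = record
    zip_part = zipcode[:zip_digits]
    if birth_precision == "day":
        birth_part = birthdate
    elif birth_precision == "year":
        birth_part = birthdate[:4]
    else:
        raise ValueError(f"unknown birth_precision: {birth_precision!r}")
    return (zip_part, gender, birth_part)


def uniqueness_fraction(records, **granularity):
    """Fraction of records whose quasi-identifier matches no other record.

    A record in this set is the re-identification risk: anyone holding the
    three fields (from a survey, a purchase form, a leak) can single it out.
    """
    keys = [quasi_identifier(r, **granularity) for r in records]
    counts = Counter(keys)
    unique = sum(1 for k in keys if counts[k] == 1)
    return unique / len(keys)


def k_anonymity(records, **granularity):
    """Smallest equivalence-class size: the k in k-anonymity.

    k == 1 means at least one record is uniquely identifiable.
    """
    counts = Counter(quasi_identifier(r, **granularity) for r in records)
    return min(counts.values())


if __name__ == "__main__":
    # Full-precision fields: 5 of 9 constructed records are unique, k = 1.
    print("full precision:", uniqueness_fraction(RECORDS), k_anonymity(RECORDS))
    # Coarsened fields: nothing is unique, k = 2.
    coarse = dict(zip_digits=3, birth_precision="year")
    print("coarsened:", uniqueness_fraction(RECORDS, **coarse), k_anonymity(RECORDS, **coarse))
```

The point of running it on both granularities is that "private" is a property of the combination and its resolution, not of any one field: a 5-digit ZIP plus an exact birthdate singles out most of the toy set, while a ZIP prefix plus a birth year leaves every record hidden among at least one other.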

Yes, if data can be used to potentially locate somebody, like a combination of zipcode, birthdate and first name, it is considered PII (Personally identifiable information) and those strict policies would apply.

I'm responding to a comment that said trusting Google == trusting ALL Google employees, which is not true. Trusting Google with your data is believing that having some convenience (a mail service like Gmail, an intelligent assistant, etc.) is worth the risks you are talking about: Google drastically changing their policy, or being bankrupt and acquired by less scrupulous owners, etc.

Let's not just act like anybody at Google can look at your data and play with it, or a disgruntled employee will suddenly click a button and release all users' data on pastebin...

> they have strict policies in place

What guarantee do you have that these policies will never change in the future? Or are you simply assuming that risks never change?

I think the strongest guarantee is that the sustainability of their business very much depends on that. Billions of incentives to ensure not a single ex-employee is able to say "I managed to hack my way to user personal data".

That's not much of a guarantee. First, you're relying on everyone acting rationally. I hope they would, but humans often act irrationally, especially if grudges or money are involved.

More important is your assumption that the decision would even be made by Google. Outside forces such as governments may force Google's hand.

> able to say

It doesn't matter what is said. If Google had sufficient deniability (perhaps an NSL gag order? or a sufficiently high purchase price?), they can say user personal data is secure while sending it outside their control.

--

The only guarantee that would be believable is if they indemnified their users against any future damages derived from their data collection, and there is no way Google (or any company) would willingly accept that kind of liability.

Sorry, the policies the parent commenter was talking about were about employees' (lack of) access to user data.

Being ordered by a judge to do something obviously supersedes any policy, but that's the case for any person and business.

> was talking about were about employees' (lack of) access to user data

Which we have to take their word on and hope that never changes in the future, even though Google might not be the party with the authority to make that decision. Even when they are, business plans change and a pile of potentially profitable user data is a very powerful temptation towards moral hazard. Only a fool would claim that this wasn't a risk.

> that's the case for any person and business.

Only if you deliberately ignore the entire point that the data shouldn't be stored at all by 3rd parties. A business that sold a real product (instead of a service masquerading as a product) would run locally and no data would be put at risk.

If a judge orders me personally to reveal something, they probably need a warrant and there is a process by which I can challenge that order. If, however, that data is stored on Google's servers then I don't have standing to challenge any interaction between Google and the government.