[throwaway3699]

Xoogler.

This is almost impossible by design. As mentioned before, every field on a protobuf is tagged for sensitivity, meaning right down to the bare disks there is privacy controls on data.

Engineers under orders to decrypt & copy data literally could not, without a delegated authority from senior people (some will be GDPR officers too), and there would need to be a staggering level of process failure just to get at the data for a few users.

Ultimately you have to decide if you trust Larry & Sergey, nobody else could make this happen. But insider risk just isn't going to happen from a company that treats user data like military treat classified documents.