To counter this misconception I propose a system where, for a nominal fee, Google implement public-key encryption (secured by each user's Google Account password) where all data stored by that consumer is transparently encrypted by the popular and trusted encryption software GPG. To do so would require explicit on-screen warnings before activation stating that if the user's password were lost, their data would be completely inaccessible and unrecoverable. It is likely that most users may not wish to accept this, so an alternative would be to found in the form of a secondary key, held by a trusted third party, which would allow them to revoke the primary key and re-encrypt the data. There are a number of research papers discussing encryption key escrow systems by such bodies as the Center for Democracy and Technology, which should be considered before this could be implemented commercially.
Once data held by Google becomes encrypted, it is covered by the Regulation of Investigatory Powers Act Act here in the United Kingdom which allows law officers to demand that individuals under investigation surrender their keys or risk prosecution. Google's liability risk is mitigated by this law as it places the liability for encrypted data upon the shoulders of the individual citizens concerned, in a similar manner to the way “Safe Harbors” are implemented within the United States' Digital Millennium Copyright Act.
Consumer and Business Appeal
Estimated return on investment: with 146m users monthly, at a 0.1% take-up, annual revenue is $29m based on proposed prices.