Yes, this was the incident I was referring to. Pardon for omitting the source reference.
EDIT: And yes, I'm aware that Google and probably all the other providers as well do this with the publicly shared pictures. But they should have no business monitoring privately stored data. Maybe hash checking for known illegal files (CP and similar) could be an exception.
Where does it stop though? Checking for known child pornography is of course a very valid reason and the law enforcement agencies have hashes for a lot of those images. However if you make that exception, other 'illegal' things would have to be screened as well and then you have where we are now. Why not make different categories of 'illegal'; CP matching hashes is a direct hit and gone you are. While 'illegal to distribute' (which probably gets more pressure to fight against than even cp) would be flagged in private; if you move it to public you have a problem.
I believe that private means you cannot touch it at all, but we are talking 'the cloud' here so that option is out the door anyway.
EDIT: And yes, I'm aware that Google and probably all the other providers as well do this with the publicly shared pictures. But they should have no business monitoring privately stored data. Maybe hash checking for known illegal files (CP and similar) could be an exception.