And even on the smaller service I work on, we go through privacy review.
Generally, user data is coupled to user account identifiers and deleted when accounts are deleted.
This is the easiest, as your retention plan is automatically approved this way :)
All data stores are mapped to retention plans. So you don't accidentally forget something.
For anonymization there is some logic which ensures the smallest slice is small enough that users can't be identified.
Now, all of this is generally the case, and of course there are exceptions -- but these are a lot of work to get. You need to have good reasons to get exceptions, and it takes a long time. So if you want to ship on time, you delete data when it's no longer needed, etc.
Exceptions are usually when it would hurt another user to delete something shared, for example.
Sure, incompetence can happen. But Google doesn't have a lengthy record of security holes, data leaks or privacy issues.
(I'm sure you can find a few, but my point is that this isn't Yahoo)
The data is deleted, but probably not the products developed from the data. For example, Google may pick up from my email that I have a Subaru and if I delete that email, they may lose track of what exact car I have, but I bet they still know I have a car.
Companies don't like to destroy assets.
I don't think anybody is assuming malice, just incompetence. There are precedents after all.