Given the number of people who work for Google, and Google's internal culture of openness, I find it extremely unlikely that Google is violating its customers' privacy. That would almost certainly get whistleblown.
Does not exist like you think when it comes to projects. People are very secretive about lots of projects for all kinds of internal political reasons. Using data they technically have the right to use in a somewhat scummy way is a perfect example of a project that would be kept out of the spotlight.
Google never cooperated with PRISM. As soon as news came out that the NSA was tapping Google's intra-datacenter dedicated lines, Google announced they would accelerate encrypting all that traffic.
