Google does not, nor have they ever, as far as I'm aware, sell personal user information to third parties. Google sells ads targeted at keywords and other interests, and while in an indirect way, this is profiting from user behavior, it is not the same as claiming they give out your personal info.
Using third party hosted mail is a trade off, especially webmail. Unless you are using end-to-end encryption, intermediary servers will need plaintext access, not only to route the email, but to present it, to permit search, filtering, and other operations users value in the webmail client.
Google is taking steps to ensure all data is encrypted-at-rest and encrypted-in-flight. That's not a perfect defense, but it is an improvement. What is to be gained by bashing them for taking positive steps that everyone in the industry, we hope, are also taking?
For money, one could have Google provide ads to users who vote for specific party. After a few days, you look at the logs and create a database of people and their voting habits. Thus you will now have a database of personal information, created by the action of giving money to Google. When you pay money for a product, its called bought.
So I will call it bought personal user information, regardless if it has been laundered by advertisement clicks.
How is Google going to know what party you voted for, when votes are by secret ballot? Voter registration databases, which are public information available for a small fee from state governments, are far more likely to yield a profile of your voting behavior than your gmail contents.
You have the choice of not seeing targeted and relevant ads, or of not using gmail at all. Try Fastmail for instance. I don't see the need to bash Google for doing the right thing on security.
Or to avoid going to jail (assuming that they give out the info to the US government in the first place).
The word "price hints money, but I guess you don't mean that; it would need a lot of money for that company to risk jeopardize it's reputation.
Probably the best pressure the US government could do is to actually threaten important people in the company some jail time if they cooperate. So here "price" means personal freedom. Nobody would like to go to jail just because his job right?
In any case, yes there is no guarantee that nobody would treat your data with no interference. If you use another mail provider, the government could grab their https certificate, or with cooperation of a cert authority perform a man in the middle attack. (Which ironically google can to some extent be protected from because of cert pinning in chrome).
Still, in your comment you are hinting that it's easier to just "buy" it from Google because Google is just fine with selling your data to anybody for a "price". I find it hard to believe. Not saying anybody should trust Google more than any other service, but I don't see neither any proof that we should trust them less.
