So they don't track personally-identifiable information directly; it's certainly possible you could de-anonymize someone from their dataset, but most of what they do track is on their end (what machine handled the request, how quickly, etc.)
The thing is, let's say Google reneged on their promises and started violating privacy on 8.8.8.8 - would it be up to the FCC to enforce that or the FTC to enforce it as fraudulent behavior?
Very good question. It could be handled similarly to the fiasco of google's street view cars 'hacking' poorly protected wireless routers. They got a pretty serious smack on the wrist for that.
https://developers.google.com/speed/public-dns/privacy
So they don't track personally-identifiable information directly; it's certainly possible you could de-anonymize someone from their dataset, but most of what they do track is on their end (what machine handled the request, how quickly, etc.)