Did you ever read the privacy policy that went with that app? It stated in weaselly but still quite clear words that they were entitled to record and sell your everything for whatever reason.
Maybe they didn't actually do that but they demanded the right to do so and I never managed to make them (or their lawyers) deny it (which, let's face it, was all I wanted - I just wanted to use my watch without them using it or the companion phone app as a trojan to perv on my life.)
Assuming Google legitimately doesn't try to retain deleted data as they claim, you just need to delete your Fitbit account before the acquisition closes to ensure Google never lays hands on it.
And even on the smaller service I work on, we go through privacy review.
Generally user-data is coupled to user account identifiers and deleted when accounts are deleted.
This is the easiest, as your retention plan is automatically approved this way :)
All data stores are mapped to retention plans. So you don't accidentally forget something.
For anonymization there is some logic which ensures the smallest slice is small enough that users can't be identified.
Now, all of this is generally and of course there are exceptions -- but these are a lot of work to get. You need to have good reasons to get exceptions, it takes a long time. So if you want to ship on time, you delete data when it's no longer needed, etc.
Exceptions are usually when it would hurt another user to delete something shared, for example..
Sure, incompetence can happen. But Google doesn't have a lengthy record of security holes, data leaks or privacy issues.
(I'm sure you can find a few, but my point is that this isn't Yahoo)
The data is deleted, but probably not the products developed from the data. For example, Google may pick up from my email that I have a Subaru and if I delete that email, they may lose track of what exact car I have, but I bet they still know I have a car.
