There's this thing called encryption. You can use it to make it very very very hard for other people to read your files unless you want them to. You can then put your files anywhere and only those who get the special magic keys to read it can do so.
If I have them at home someone will first have to gain access to them before they can start to decrypt them, and it's encrypted with my software of my choice. In addition, any idiot seeking to mount surveillance will have to gain access to my premises. In the process, there is plenty of opportunity for me to notice that someone is trying to gain access and change things, and automated surveillance is not possible.
If I have data in the cloud, I have no view on who takes a copy for themselves, and if I make the mistake of using the vendor-supplied encryption I also have no idea if there is a backdoor or not. In one go, I have introduced two uncontrolled variables into my risk equation.
In addition, it always amuses me when especially US companies claim to have some form of warrant canary or "transparency" - read the contents of any NSL and see what the implications are for anyone opening their mouth about it and you'll realise that those tools and statements too are more marketing than reality.
A cloud is a cloud is a cloud, and a private cloud is more marketing statement than evidence of protection. If you have something of value to protect, using a cloud for it requires a lot more thinking about the risks you attract in doing so.