This is a fine line, I feel like Google needs to have fail safes in place to red flag any mass download of sensitive data. Then confront that employee if an anomaly is observed, demand the data back and inform that employee about the issues involved of copying/removing sensitive data from the workplace. If these specific files are found on the employee after he had stopped working at Google and/or at Uber there’s a serious trade secret case…based on the facts, the employee might have simply grabbed the files and decided to develop his own but similar solution(s) in an interview with Uber, which is shady but using your own industry knowledge to get a job with someone else isn’t illegal and it shows me that maybe Google wasn’t valuing this particular employee enough.