
The fact that Notion staff technically has unrestricted access to all user and account data legally prevents me from putting the vast majority of my work-related items on there.

On top of that there's so much tracking going on that even Facebook would be jealous.

And that's just the tip of the iceberg. Check out their T&C and Privacy Policy:

https://www.notion.so/Terms-Conditions-4e1c5dd3e3de45dfa4a8e...

https://www.notion.so/Privacy-Policy-3468d120cf614d4c9014c09...



Not sure how this is different from something like Dropbox (which stores stuff on S3 iirc). So technically, you can have Dropbox people looking through your stuff, and you can also have Amazon people looking through your stuff. Obviously, if this ever happens without a good reason, employees that do this can get fired and/or sued (and the company itself might also be held liable). Everything is also logged, so there's a paper trail. I skimmed over both the T&C and the Privacy Policy and it doesn't really seem that Notion breaks from this norm.


A gentleman's agreement with some foreign entity just isn't good enough.

At least on Dropbox, S3, OneDrive, etc. we can encrypt our own data (which I actually do). There is no such option in Notion.


All of those are blob/file based. When the service provider needs to offer services like search and ways to make deeper inferences between pieces of data, it's pretty much impossible to have all the encryption handled client-side.

I'd be interested to see examples/arguments where it works though.


This is an extreme use case. For example, S3 is HIPAA compliant, so I'm sure there's plenty of very private medical data that's not encrypted on S3.


Not sure about Dropbox, but AWS has a lot of protections around what goes into S3. I have worked with them to address issues that come up in the service, and they couldn't access our data, even when we would have been fine with it. Had to copy it somewhere else for them.

All they could access was service logs.

See https://aws.amazon.com/compliance/data-privacy-faq/


These are merely procedural rules (access keys don't grow on trees), which I'm sure Notion also has in place.



