6

I've been wanting to determine the most secure way to store data via Cloud storage solutions. And although at first it may seem like a duplicate question, I have read all the similar ones and nothing seems to directly address this.

Here are my assumptions (correct anything if I've got it wrong):

Commercial solutions (e.g. iCloud, Google Drive, Dropbox, etc.)

  • Data is encrypted on a disk level by the cloud provider but not on a per-account level (meaning they can access your data unencrypted if they wish)
  • Data is protected by your account password and two-factor authentication (if enabled)
  • The only foreseeable way to truly protect your data is to have some kind of encrypted volume that is in the cloud drive (maybe like a TrueCrypt volume or an encrypted sparsebundle)
  • If government agencies or the provider itself want to access your data they can
  • Commercial solutions would be more secure than privately hosted cloud storage solutions, simply because they have significantly more money to spend on InfoSec and cyber security for their systems.

Private cloud storage (e.g. OwnCloud, Nextcloud, etc.)

  • Probably aren't as secure as big applications like Google Drive or iCloud Drive
  • You control the encryption so it can't be read by the provider (ie. the files stored on your own data store)
  • All code is openly reviewed by experts & online communities rather than being closed source.
  • It is more likely that government agencies can find security vulnerabilities in a private system???
  • Data is presumably encrypted on two levels: your application encrypts the files on upload and all the storage is encrypted on disk level by your provider.

So here's the question...

What are the security benefits/concerns of using your own private cloud storage (where you control the encryption and security layers) vs. entrusting companies (with millions of dollars of expenditure on InfoSec) that are closed source and can access the data?

Ultimately, which is the better option, and why?

Thanks in advance for your answers! :)

3
  • It will depend on your needs. Are you talking about your personal cloud or your company one? For professional HA traffic I would recommend a hybrid cloud. goo.gl/CxxzVM
    – Baptiste
    Commented Aug 16, 2017 at 4:50
  • Just referring to personal private cloud.
    – sri-0
    Commented Aug 16, 2017 at 5:32
  • Some commercial solutions encrypt the files on the client before uploading them to the server (at least Mega does it). They might be more expensive because they cannot merge identical data from multiple clients.
    – A. Hersean
    Commented Aug 16, 2017 at 9:21

3 Answers

5

The question initially asks about security benefits, but then opens out to ask for "the better option" generally, and why.

In this answer I'm looking at the broader question, "which is best and why", for 2 reasons: first, being realistic, you won't decide on security alone (cost? knowhow? time? strength of personal feelings for/against privacy? enjoyment of challenge? other non-security pros/cons/motivations), and second, because security can be considered within the broader picture anyway.

Framing the question

Giving a definitive answer to the question as posed isn't always easy, because the decision almost always involves personal preferences (you might not be at much risk of intrusive data mining but still have very strong feelings about avoiding it if practical), and incomplete information (the actual risks which an infosec specialist could assess better than you, including your own ability to manage data if you keep it locally and the data safety of the proposed commercial host).

Fortunately I suspect that's largely a non-issue for your needs and this question, because the question suggests that you aren't already a data security specialist. So any answer has to fit an "informed enthusiast looking for their best options" or similar. That means any answers where you magically make it all secure from scratch probably aren't suitable, which means we can look at the question from another angle that makes it much simpler.

Answer

From your question, the first definite point to discuss is the possible use of prebuilt systems (such as open source distributions that include cloud storage as part of an "all-in-one"/"out-of-the-box" general storage server). In these systems you don't just install a cloud storage package onto your OS. You install a complete customised and dedicated file server, which also provides cloud storage as a feature. You install from CD/USB, use the GUI/web to configure, and it's done.

This can be a very helpful source of assurance, because if it's a well-known project and has a reasonable security focus, then you can count on their own work (and their community of contributors) to cover a huge amount of the security unknowns.

What I mean is, I wouldn't trust myself to set up FreeBSD, install NextCloud/OwnCloud/whatever, and trust it for security, but I probably would be comfortable downloading the FreeBSD-based installer for FreeNAS, configuring it in the GUI for those tasks, enabling the NextCloud/OwnCloud plugin, and doing it that way, because the scope for my own ignorance and knowhow to wreak havoc is quite constrained, purely because the options I configure are preset in the GUI, they are functional, the important settings are already done, and it's mostly very clear to understand (or ask about if unsure). I'd still need to know some things, but much less and much more obvious. In fact that's exactly what I have done, minus cloud storage which I don't use.

So I'm going to assume that this is how you'd approach it if you did it yourself.

That means the real comparison isn't Google Cloud/Dropbox vs. do-it-yourself NextCloud/OwnCloud. It's Google Cloud/Dropbox vs. FreeNAS/NAS4free/Openfiler/Nexenta/OpenMediaVault etc. that also supports NextCloud/OwnCloud, which has been properly configured and secured within a jail, and that's a very different proposition. It's much easier to be sure of the situation and security you'll end up with (the 'downside risk').

If the underlying system is good, the team building it is security aware, and you are comfortable with the basic config likely to be needed, then you will probably get a good level of security by any usual standard and can make the final decision based on personal antipathy to commercial cloud storage and cost, which sounds like what you're after.

As an example, if you look at a similar decision for routers and firewalls, I switched many years ago from a commercial router to pfSense. Factors relevant to the decision included:

  • Cost (couldn't afford a router with the connections handling capacity I would need),
  • Physical access security (short of Secret Service/NSA breaking into my home, nobody is in a position to access or interfere with my computers through physical access except me. If you have hacky kids, housemates or visitors, consider the security of your data disks, backup disks (including where you keep them), physical keyloggers, FireWire/other accessible DMA devices and ports, or whatever)
  • Non-physical security (based on FreeBSD, which is probably a lot more secure than most Linux or Windows setups, compared to most domestic routers which stop getting updates after a while, are insecure by design, or (very often) have huge security holes due to bad OS config; very popular, with a large community and serious use; speedy responses to security issues; the team appears to have a firm eye on security; it has published security audits of the software by third-party assessors which showed few issues, suggesting the team knows its job; enterprise security features if I ever want to get heavier on security),
  • Future-proofing (likely to have ongoing updates and active development for many years, or be forked if not, large user base, extensible and adaptable for almost anything I might need/want from it in future, even on my old Pentium 4 boards from 2003 which I have no other use for, I can get performance of hundreds of thousands of connections, caching, filtering, etc.),
  • Certainty of code/privacy (well-known open source, backdoors unlikely and guaranteed killed if ever found, including backdoors claimed to be "for support, honestly, bad guys won't find them!" as some products secretly have; runs on own hardware),
  • Easy to manage (very straightforward GUI after a bit of learning curve, any issues likely to be able to be addressed without buying another router),
  • and for the file server I later added, guaranteed data storage (some cloud providers have suddenly failed or lost data when hacked; while not common, you can't know what is happening "behind the scenes" and how dependable their setup and disaster recovery will be in reality, as a security specialist would assess it, because you just don't get access to that sort of knowledge).

I've used this platform for my router for many years now, and rarely need to do anything to maintain it apart from clicking when there's an update, and it runs for months without issues. I've been using FreeNAS for data storage for a few months so far and it's been rock solid; any issues have been down to properly configuring the shares, so I expect much the same benefits from it. It just keeps going, and once I get to a config I like, then I suspect I will barely need to know it's there after that point.

The main downside in that equation is cost. Say you have 4TB of data (or whatever)... you might be committing yourself to a surprising hardware cost if you went that route:

  • Up to 4-6 x the amount of storage capacity compared to the actual data you expect to store, meaning for 4TB data you'd want up to 16-24TB of disks (file systems and especially the very reliable ones like ZFS used in many storage setups, might not want to be over about 60-80% full, disks fail so you need redundancy, and you do plan to keep a backup as well don't you?),
  • A good quality motherboard probably with ECC/RDIMM memory (platform stability, probably means using a server not consumer board for the ECC),
  • Lots of RAM (ZFS is hungry that way!),
  • At least one, maybe more decent SSDs (mainly for write cache but if affordable and needed then also for read cache),
  • Good quality power supply and probably a good brand secondhand UPS (so that power glitches don't trash the data),
  • Probably at minimum a second smaller, less well specified box for nightly backups/clones (replication, in case the entire primary box goes bang, so you don't lose it all).
  • Periodic replacement costs as equipment fails (each disk might need replacing every few years, so 4-6 disks might average 2+ a year if they're cheapest commodity type or about 1 a year for 5 year enterprise types)
  • Power (in some countries and locations, electricity is expensive and running a server with multiple drives will definitely add to the bill)

So cost is definitely an issue to consider when it comes to storage locally or in the cloud, because with a commercial provider you don't have to worry so much (usually!) whether their hardware and backup approaches are data-safe. Less so when it comes to say, a router where you can just restore config onto new hardware and carry on as normal if it all goes bang.

There may be workarounds if decent hardware cost is an issue. For example you might decide to run it on commodity or consumer hardware, with no backup or redundancy other than using two disks configured as a mirror. That would slash the cost a lot. You'd then set a task to copy your modified or important data into an encrypted disk system locally (truecrypt/veracrypt etc) and upload that to Google/Dropbox instead, or keep a copy on a third disk which you put safely on a shelf and update weekly. That might be a possible solution to the cost issue, but as with all compromises you'll have to consider if it works and the pros and cons for you.

As a guide and if it helps, I'm doing it all locally and it's a lot of hardware: the primary server and UPS probably contains 8 x £250 ($300+?) of enterprise data HDDs, another £500 of SSDs, and about 96GB of ECC RAM for another £500, and that's before the CPU, motherboard, PSU, UPS, and backup server. I've saved a bit with two 'tricks': using a decent commodity brand for the backup (less worried about it once there are multiple copies of the data), and by having it do "double duty" (it acts as a router and service host when I'm awake during daytime, and when I'm asleep and the network is quiet at night it grabs a copy of the current file server contents, acting as a backup server). But that's my situation, yours may differ.

2
  • Nice analysis (I like BSD too :-) ), but you forgot one point: physical security. Depending on the threats, you should also consider the physical protection of the machines, disks and backups. And again the cost/benefit ratio will have to be considered in regard to the risk... Commented Aug 16, 2017 at 12:34
  • True. I've now added that. I kind of assumed from the level of the question that the OP wasn't too concerned about managing that aspect. It is worth covering so good call.
    – Stilez
    Commented Aug 16, 2017 at 12:49
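The workaround at the end of this answer (encrypt locally with TrueCrypt/VeraCrypt or similar, then upload the encrypted result to Google/Dropbox) is the same idea as the "encrypted volume in the cloud drive" the question mentions. The following is an added example, not code from the answer or from any of the products named: a per-file version of that scheme in Go using only the standard library. The key is derived from a passphrase with PBKDF2 (written out over crypto/hmac, an assumption made so the block runs without third-party modules), every upload gets a fresh salt and nonce, and AES-256-GCM authenticates the ciphertext together with the file's path. The passphrase, paths and file content are constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Blob layout as stored at the provider: salt(16) || nonce(12) || AES-256-GCM ciphertext+tag.
// The provider sees only random bytes and ciphertext; the passphrase never leaves the client.
const (
	saltLen  = 16
	nonceLen = 12
	keyLen   = 32
	kdfIters = 100_000 // assumed work factor for the example; raise it on real hardware
)

// pbkdf2SHA256 is PBKDF2 (RFC 8018) written out over crypto/hmac so that this block needs only
// the standard library (use crypto/pbkdf2 on Go 1.24+, or argon2id from x/crypto, in real code).
func pbkdf2SHA256(password, salt []byte, iters, dkLen int) []byte {
	prf := hmac.New(sha256.New, password)
	var out []byte
	for block := uint32(1); len(out) < dkLen; block++ {
		var idx [4]byte
		binary.BigEndian.PutUint32(idx[:], block)
		prf.Reset()
		prf.Write(salt)
		prf.Write(idx[:])
		u := prf.Sum(nil)              // U1 = PRF(P, S || INT(i))
		t := append([]byte(nil), u...) // T = U1 xor U2 xor ... xor Uc
		for i := 1; i < iters; i++ {
			prf.Reset()
			prf.Write(u)
			u = prf.Sum(nil)
			for j := range t {
				t[j] ^= u[j]
			}
		}
		out = append(out, t...)
	}
	return out[:dkLen]
}

// newAEAD derives the file key from passphrase and salt and wraps it in AES-GCM.
func newAEAD(passphrase string, salt []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(pbkdf2SHA256([]byte(passphrase), salt, kdfIters, keyLen))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealFile encrypts one file before it is copied to the cloud drive. The file's path is bound as
// associated data, so a blob moved under another name (by the provider, or by anyone with write
// access to the account) fails to decrypt instead of silently substituting content.
func sealFile(passphrase, path string, plaintext []byte) ([]byte, error) {
	hdr := make([]byte, saltLen+nonceLen)
	if _, err := rand.Read(hdr); err != nil { // fresh salt and nonce for every upload
		return nil, err
	}
	aead, err := newAEAD(passphrase, hdr[:saltLen])
	if err != nil {
		return nil, err
	}
	nonce := append([]byte(nil), hdr[saltLen:]...)
	return aead.Seal(hdr, nonce, plaintext, []byte(path)), nil
}

// openFile reverses sealFile; any error means wrong passphrase, wrong path, or a tampered blob.
func openFile(passphrase, path string, blob []byte) ([]byte, error) {
	if len(blob) < saltLen+nonceLen {
		return nil, fmt.Errorf("%s: blob too short to be a sealed file", path)
	}
	aead, err := newAEAD(passphrase, blob[:saltLen])
	if err != nil {
		return nil, err
	}
	pt, err := aead.Open(nil, blob[saltLen:saltLen+nonceLen], blob[saltLen+nonceLen:], []byte(path))
	if err != nil {
		return nil, fmt.Errorf("%s: %w", path, err)
	}
	return pt, nil
}

func main() {
	pass, path := "correct horse battery staple", "docs/taxes-2017.pdf" // constructed
	plaintext := []byte("constructed sample: 2017 tax return")
	blob, err := sealFile(pass, path, plaintext)
	if err != nil {
		panic(err)
	}
	fmt.Printf("uploaded %d bytes; plaintext visible to provider: %v\n", len(blob), bytes.Contains(blob, plaintext))
	got, err := openFile(pass, path, blob)
	fmt.Printf("restored %q, err=%v\n", got, err)
	_, err = openFile(pass, "docs/taxes-2016.pdf", blob)
	fmt.Println("same blob under another path:", err)
}
```

Two practical consequences follow directly from the design. Because each blob carries its own random salt and nonce, two uploads of an identical file produce different ciphertext, which is exactly why a provider that encrypts client-side (as A. Hersean's comment notes for Mega) cannot deduplicate across accounts and may charge more. And binding the path only stops a blob being swapped between names: the provider still sees file names, sizes and modification times, so if that metadata matters, put the whole set inside one encrypted container as the answer suggests rather than encrypting file by file.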
3

That is clearly a trust question. So the answer will be, as usual, another question: what are the threats you consider, and what are the risks?

If you just want to protect your personal data and are not a publicly world known person, commercial solutions are an appropriate option.

If you want to protect commercially sensitive or industrial R&D data, the attackers could be external companies or foreign intelligence services. In that case, you cannot really trust any external company and should use a private cloud on your own servers, or on a partner's servers. For example, you may trust a cloud controlled by your own government more than a foreign one.

From what I have understood from your question, I would not make much difference between a Google Drive or Dropbox solution and an OwnCloud or NextCloud hosted by an external company: in both cases, the local admin can get full control of the data if he really wants to. The difference will just be in the following of security advisories: if you can read them every day and apply the patches immediately, you will be better than commercial integrated solutions; if you only do that once a month, you will be worse... But here you only consider attackers that cannot get direct access to the servers.

-1

The public cloud like OneDrive or Google Drive seems to be a reasonable option when all data is stored in encrypted form. The duplicity/duplicati/deja-dup tools (same storage format, just different implementations for different OSes) offer GPG encryption before sending anything to remote storage.

So you hold all your data on the local computer and, in addition, a daily backup is performed to the remote cloud.

The drawbacks are:

  • cost of the cloud provider if you need to store a large amount of data

  • stable internet connectivity required for daily backup session

  • network bandwidth, especially upload capacity (you have to transfer a full backup once a month, and incremental backups every day)

  • remote storage excess (depending on how many full backups you want to keep in the cloud and how often/how much of your data set is modified) - it may require even a few times more space than the original data takes

For local storage, a RAID-5 array may provide a reasonable balance between protection level and the cost of extra disks for mirroring.

Together with the remote cloud, you're already well protected! For especially critical data you could have a third copy on a removable USB-attached encrypted disk stored in a different building/town.

1
  • I'm not sure this answers this question either. You are designing a hybrid solution, but that's not the question.
    – schroeder
    Commented Jan 31, 2018 at 9:30
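To make the monthly-full/daily-incremental cycle and the "remote storage excess" bullet of this answer concrete, here is an added Go example of the bookkeeping such a tool does. It is not duplicity's or duplicati's code and not part of the answer: a manifest of content hashes decides what a daily incremental must carry (changed and new files, plus deletions), a restore replays the full set and then every incremental in order, and CloudFootprint turns cycle length, daily change rate and number of retained fulls into the multiple of live data sitting at the provider. The file contents and the 30-day / 2% / 3-fulls figures are constructed for the example.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"sort"
)

// Manifest records what a backup set saw: path -> SHA-256 of content.
type Manifest map[string]string

// BackupSet is one upload: a full set (everything) or an incremental (changed and new
// files since the previous manifest, plus the paths deleted since then).
type BackupSet struct {
	Full    bool
	Files   map[string][]byte
	Deleted []string
}

func hashContent(b []byte) string {
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:])
}

// Snapshot hashes the live file set (an in-memory map here; a real tool walks the disk).
func Snapshot(files map[string][]byte) Manifest {
	m := Manifest{}
	for p, b := range files {
		m[p] = hashContent(b)
	}
	return m
}

// PlanBackup decides what today's session uploads: everything when prev is nil (start of
// a cycle), otherwise only files whose content hash changed or that are new, plus deletions.
func PlanBackup(prev Manifest, files map[string][]byte) BackupSet {
	set := BackupSet{Full: prev == nil, Files: map[string][]byte{}}
	for p, b := range files {
		if prev == nil || prev[p] != hashContent(b) {
			set.Files[p] = b
		}
	}
	for p := range prev {
		if _, ok := files[p]; !ok {
			set.Deleted = append(set.Deleted, p)
		}
	}
	sort.Strings(set.Deleted)
	return set
}

// Restore replays a chain: the full set, then every incremental in order. A missing or
// corrupt link invalidates everything after it, which is why several fulls are retained.
func Restore(chain []BackupSet) (map[string][]byte, error) {
	if len(chain) == 0 || !chain[0].Full {
		return nil, fmt.Errorf("chain must start with a full backup")
	}
	out := map[string][]byte{}
	for i, set := range chain {
		if i > 0 && set.Full {
			return nil, fmt.Errorf("set %d is a full backup; it starts a new chain", i)
		}
		for p, b := range set.Files {
			out[p] = append([]byte(nil), b...)
		}
		for _, p := range set.Deleted {
			delete(out, p)
		}
	}
	return out, nil
}

// UploadBytes is what a set costs on the upload link (before compression and encryption).
func UploadBytes(set BackupSet) int {
	n := 0
	for _, b := range set.Files {
		n += len(b)
	}
	return n
}

// CloudFootprint estimates retained provider storage as a multiple of the live data set:
// one full per cycleDays, an incremental on each other day carrying dailyChange of the
// data, and fullsKept cycles retained before the oldest chain is deleted.
func CloudFootprint(cycleDays int, dailyChange float64, fullsKept int) float64 {
	perCycle := 1 + float64(cycleDays-1)*dailyChange
	return perCycle * float64(fullsKept)
}

func main() {
	// Constructed file sets for two consecutive days.
	day1 := map[string][]byte{"notes.txt": []byte("v1"), "photo.jpg": []byte("constructed image bytes")}
	day2 := map[string][]byte{"notes.txt": []byte("v2"), "photo.jpg": day1["photo.jpg"], "new.txt": []byte("hello")}
	full := PlanBackup(nil, day1)
	inc := PlanBackup(Snapshot(day1), day2)
	fmt.Printf("full: %d bytes, incremental: %d bytes for %d files\n", UploadBytes(full), UploadBytes(inc), len(inc.Files))
	restored, _ := Restore([]BackupSet{full, inc})
	fmt.Printf("restored notes.txt=%q\n", restored["notes.txt"])
	fmt.Printf("30-day cycle, 2%% daily churn, 3 fulls kept: %.2fx live data at the provider\n", CloudFootprint(30, 0.02, 3))
}
```

The chain dependency in Restore is the operational caveat behind "you have to transfer a full backup once a month": an incremental is only useful together with its full set and every incremental before it, so a corrupt or deleted link loses every later day of that cycle. Keeping several fulls limits the damage but is what drives the storage multiple (4.74x live data for the constructed figures), and because the data is GPG-encrypted before upload, the provider cannot deduplicate the repeated fulls, so that multiple is a floor on what you pay for.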
