Well, presumably they would just store *hashes* of fingerprints, no? I can't imagine that anybody could be so stupid as to store the actual fingerprint data in the cloud. Even if encrypted. That would be far worse than storing an encrypted private key in the cloud. Keys can be revoked. With fingerprints, revocation would be expensive.
That's what I used to feel about the possibility that bulk internet surveillance would actually be a government policy. These days, I presume that anything dumb is likely to happen, in part because the people perpetrating the apparent dumb-ness do not bear the costs of breach, they get rewarded instead without accountability.