As a concrete thought experiment, consider if (say) a WWW/DNS hosting company providing such free proxy DNS service decided to covertly record the domain name lookups from the general public that fail in order to compile a list of domain names for the company to prospectively squat on. Having multiple employees handling the public service doesn't stop this if it is the company's actual business decision to sneakily do this.
It really is a statement of bus factor, not about oversight. To make a statement about oversight one has to take into account something else not covered by this list: which of the list entries has attempted to show some level of independent auditing or oversight of its data protection.
* https://blog.cloudflare.com/announcing-the-results-of-the-1-...
CloudFlare has had some independent auditing done, by an accountancy firm. DNS4EU holds itself subject to GDPR rules on Personal Data with respect to query data, and so is auditable by the Czech ÚOOÚ. AdGuard likewise, except that it holds Personal Data in Frankfurt. CZ.NIC likewise, except that it hasn't actually updated its legal doco since 2018 and it's only by implication that the Czech ÚOOÚ can audit the Personal Data handling under the GDPR. DNS.SB simply disclaims the existence of any Personal Data whatsoever, which as with AdGuard is overseen by the German BfDI and relevant Land authorities (HBDI for Frankfurt).
* https://legal-documents-dns4eu.s3.fr-par.scw.cloud/DNS4EU-Pu...
* https://adguard-dns.io/en/privacy.html
* https://nic.cz/files/documents/20180525_Zasady_zpracovani_os...
* https://bfdi.bund.de/EN/Home/home_node.html
* https://datenschutz.hessen.de
Even Thomas Steen Rasmussen, who also claims zero Personal Data, would be subject to oversight by the Datatilsynet.