1. Is there a set of rules that narrow down what is a good private key?
A private key is a 256 bit number. So basically there is just 1 (very important) rule: Randomness.
The RNG is probably the most popular attack path when trying to crack (implemented) cryptographic functions.
2. Is there anything in place to avoid collisions (multiple private keys to one address) other than statistics?
Multiple private/public keys to one address refers to hash collision:
Since there are 2^256 public keys and 2^160 addresses, there are 2^96 public keys which match to one address (on average).
For address collision (where 2 people accidentally generate the same address (spendable priv-/pub-keypair for this address)):
It isn't statistics that keeps this from happening, but maths. 2^160 is about 1,460,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000.
There isn't enough energy on earth to even generate a small percentage of all of those addresses.