Just about every EU-based company allows for network defense and visibility to include things like SSL inspection and egress monitoring. Some may consider this surveillance, but what needs to be stated from a governance standpoint is that this monitoring is reasonable from a risk mitigation standpoint and the expectation needs to be written within acceptable usage policy.

Even more restrictive countries like Germany are fine with this.