My employer in Germany (U.S. company with an incorporated branch in Germany) recently started using Deep Packet Inspection and is decrypting all SSL traffic. While they're not logging all keystrokes, they can read everything.
Reading about this topic, it seems this is also not legal, especially when limited personal internet usage is allowed as well in the contract.
What's the right way to approach this issue? I guess if someone brings this up, they'll just update contracts and say that personal internet usage is forbidden? It still feels like someone is watching you.
If you have legal insurance, ask the lawyer to look into it and write a letter. This seems very illegal and a single letter from a lawyer will scare the company enough to stop it.
They probably inspect the traffic for information security. Specifically to check if there is no hacking going on (suspicious data extraction, c&c calls etc)
Reading about this topic, it seems this is also not legal, especially when limited personal internet usage is allowed as well in the contract.
What's the right way to approach this issue? I guess if someone brings this up, they'll just update contracts and say that personal internet usage is forbidden? It still feels like someone is watching you.