Intercepting the network traffic of dishonest employees stealing company time and network access is perfectly legitimate
Why are you assuming that the employees are dishonest and stealing company time and access? My company specifically allows personal use of their network (within certain limitations), so nobody here is being dishonest.
as is the company reselling the captured personal data in the open market.
That's nowhere near legitimate, regardless of whether the employee is honest or not. That's an even greater level of dishonesty than someone checking their bank account on company time. If I found a company did that to me, I'd sue them as hard as I could, and I think I would have a decent shot of winning.