[meowface]

I was in the position of having to review people's browsing history, and occasionally their emails, at a large company. We were in charge of all internal investigations: phishing, malware, suspicion of IP theft or misconduct, and even micromanagers who wanted to see if their employees were slacking off or working at the times they claimed.

We never looked at anyone's activity without a clear reason, but that reason wasn't always very justifiable by my personal standards. However, I'd say most of it was necessary (like when tracing root cause of an alert or infection). My naive guess is this is probably pretty close to how it is in most big US companies.

For the times that were unnecessary (assessing "productivity"), our team, including our managers, always tried to provide as much evidence and guidance as possible that would work in the employee's favor, because we all knew it was complete bullshit and a big overreach. It's also very difficult to tell exactly what someone was or wasn't doing at specific times just by their browsing history. (We didn't have screen recording spyware or anything like that.) I'd say 98% of investigations were necessary and 2% were bullshit like those.

Reading emails or IMs was extremely rare and reserved for people replying to scammers/phishers, or accusations of serious misconduct or crimes.