Isn't it kind of creepy that you manage which websites people can visit and spy on their usage? I disagree that this is needed for "adequately managing their network."
Generally we don't monitor activity, we just filter it. As I say "I'm an engineer, not the HR department". But there's significant legal and reputational risk to not preventing illegal activity from your network, and major security risks to not blocking malicious content from things like ad companies. Unsurprisingly, the lead pusher of HTTP/3 and QUIC is the world's most pervasive ad company.