>>chaz6+(OP)
The second party in this instance is the organisation, including the user. The enterprise owns the pipe, the router, the endpoint device, the chair the user sits on, and the time being used by the employee while they are not on a break. They are a representative of the enterprise while they use a workplace computer, and while they do have an expectation of privacy on devices under certain circumstances, that is balanced with my need to protect the enterprise from bad actors.
I am obliged to MitM the significant majority of SSL connections, but I do so after acquiring informed consent from the employee. This is via both workplace policy to which they must agree to remain employed, and via clickthrough notification on logon that SSL is intercepted and use is monitored. In exchange, I will only make use of information collected that is pertinent to such protection activities. For instance, if I see a Bookface post about a party at the weekend posted during a break, that is discarded. If a post is captured that is sending business-confidential information to a competitor, that is collected and used in a formal process.
If you break my ability to monitor the use of my devices, your product is dropped from my network. You'll also find that it is dropped from the entire education sector. That is why Chrome has backed off this change.