Spying on your employee, or using covert monitoring tactics, is rarely legal. Not sure on the criminality, but privacy laws are enforceable. Also, there's a distinction between monitoring and spying.
I'm not sure how that article claims that spying is illegal. Typically it isn't illegal for a company to monitor is own equipment. That article says they can't force you to divulge your social media password. Most companies prohibit you from doing personal stuff on your work computer. I'm not saying it is right, but I don't know if any laws in America that make it illegal.
They install cameras everywhere, they have a full rootkit on your machine, they log every network interaction and email/chat and they let themselves do it through 100s of pages of policy documents that you have to sign as a condition of employment. It might as well be covert in practice.
Using snooping software for recording of all command lines, including arguments, is common practice at many companies.
Also when network connections are recorded it does not stop at a list of ips, surveillance software commonly also provide easy-to-consume search facilities and cross reference capabilities, dashboards including comprehensive history and supplied annotation, i.e can tell when and how often you visited facebook.com, what you looked at, how much time you have spent at non-essential sites, and of course it also does this when you're at home using your employer's laptop for WFH or anything else.
The same is true when using a company phone when travelling, it can not only tell your employer where you're staying currently, but also where you usually stay at your holidays.
One such software is ms atp, if you have "Advanced Threat Protection" installed, it does occur. I would be surprised if it holds up in any EU court, because when I worked with development of similar software, long before gdpr, it did not.
