Allow me to be devils advocate here. I'm the all powerful Admin. Whether or not you're on company time isn't the boundary here, it's the network. If you're on my network, I have the right to inspect your traffic and/or restrict access. Not just the right, it's part of my job responsibilities.
While I don't agree with these policies on a personal level, I've seen enough to understand it's usefulness in certain environments.
To avoid these kinds of things, always use your own device on your own internet for all things outside of work. Then you only have to worry about the upstream snooping your data.
Notice that I never challenged the result of the ruling -- I actually think it's totally fine to give employers the right to inspect equipment they own and I pedantically follow the advice you suggest by absolutely never logging into any personal account or generating any non-work-related web traffic on any work-owned devices. I want to personally ensure that if an employer ever does see fit to inspect my workstation, it will just be super boring for them. I try my best to extend this to my work emailing habits too, by trying to write the shortest possible emails, and trying to respond to people with in-person responses when possible, to avoid proliferating paper trails of my own conversations.
The only thing I am saying is that this is a two-way street. If employers are allowed to investigate networks because of some socially constructed and arbitrary property (e.g. it is "work-related") then why aren't employees allowed to do the same thing, or to ensure that a certified third-party arbiter can do so on their behalf.
My issue is not that employers can see what employees do on employer-owned property. My issue is that employees should also be able to see what employers do, to verify that they are acting in the best interest of the employee in situations where an employee has a right to expect that. If it is "the company" that owns these things, machines, HR files, etc., then why does only one 'class' of corporate citizen get to have the access (the executive class, generally administered through a layer of HR/legal/compliance officers) while huge other classes of corporate citizens, regular workers, who are just as much "the company" as anyone else is, are never allowed symmetric access to make sure of the issues that could affect them.
Saying that "the company" owns things is not helpful, because if we're all equally "the company" then we all have our professional lives riding on adherence to company policy, verifiably not committing fraud, and so forth. Yet courts consistently side with the ruling classes within a company and clearly support the idea that employees do not get to have such access.
The other point I raised is that, even granting the company has the right to investigate what transpired on its owned equipment, why does that mean that the company itself gets to be the entity that performs the inspection? If we wanted to (a) determine whether or not a worker inappropriately used company property and also (b) protect that workers privacy, at least as far as it is related to the employer, then we should be willing to let a neutral third-party arbiter perform the investigation and agree in advance to be bound by its decision.
I guess what I'm saying is that it's much more complicated than "Company owns the machine. Company can do what they want." No. They can do what we determine it is right for them to do. Maybe that is doing X but not Y if we value protecting Y. We can make these laws or make them part of negotiated employment agreements, but rather than doing so, we allow ourselves to be asymmetrically treated as a lower class within the organization, and we rationalize reasons post facto for why this should be so.
While I don't agree with these policies on a personal level, I've seen enough to understand it's usefulness in certain environments.
To avoid these kinds of things, always use your own device on your own internet for all things outside of work. Then you only have to worry about the upstream snooping your data.