UK law is slightly different i.e. while employers should inform employees that they are being monitored (why, how, what, where and when) and there is some accepted derogation of the right to privacy as a result, it is not an absolute derogation.

Any monitoring should be commensurate with the risk and should be done overtly and using statistical methods rather than being targeted or covert (except where serious criminal activity or civil liability is suspected).

Anything OTT (e.g. keystroke logging) or targeted surveillance for more minor offences would probably lead to the case against the employee collapsing and the employee being able to sue for constructive or unfair dismissal. This almost certainly covers using keystroke logging to measure productivity (though how you would know the keystrokes were productive I don't know e.g. I could set up a nodding dog to click the keys Homer Simpson style or my keystrokes could really be a sign of how much time I am spending surfing the net and contributing to 'hacker' forums

This is not legally binding but merely a guidance code which the courts can use in intepreting Data Protection laws but I think it would kick in in favour of the employee not the employer.

In addition, there are also laws limiting the right to intercept communications (RIPA).