Caveat: I am not a lawyer.
SSL Scanning in and of itself doesn't satisfy any privacy laws.
How you configure it + your corporate policies may or may not satisfy your local/global privacy laws.
If you are going to implement SSL interception, I recommend having a very explicit corporate Acceptable Use Policy that states that all transactions on the network are monitored and logged and ensure that all employees have accepted that AUP as well as a plan and/or policies as to how the decrypted data will be handled/used and have approval/buy-in from your Legal department/corporate counsel.
Web Gateway itself can be configured to bypass SSL interception for specific categories, specific destinations, specific sources, etc.
You could do a Google search for the legal ramifications or implications of SSL interception to get a better feel for what you're looking at, but ultimately if this is a global deployment, the legal aspects need to be examined for each location and that's where the Legal department/corporate counsel/other legal resources come into play
thanks, will pass the buck then to the legal eagles!
Cound't really find much legal info on ssl interception on the net.