First off, putting cameras in restrooms is illegal in most places.
Regardless of that, it boils down to a legitimate company need. Ensuring that users aren't using passwords definitely passes that test. Ensuring that employees aren't sexually harassing other employees also definitely passes that test. Yes, it's unusual that a password tipped people off to bad behavior, but if you see possible evidence of bad behavior, even if it comes from a strange source, you are ethically obligated to look into it. And for a company, not doing so could create legal liability.
Now, bathrooms? Well, for starters, you said "use of work bathrooms being made public". There was nothing "public" about this password case. The password was shared, privately, with HR and the guy's manager. The closest possible bathroom analogy I can think of might be someone reporting to HR that they see someone going into the bathroom multiple times a day, coming out with white powder residue under their nose, and subsequently acting very strangely, like they're on drugs. Which... seems like an entirely appropriate thing to notice and report.
To expand on the company need angle, logging in to your work account on your work computer hardware is absolutely a part of your job. Work has a vested interest in securing their computer systems while allowing authorized employees only to use them to conduct their work.
On the other hand, going to the bathroom is completely ancillary to your job. It's not a work-related duty; it's just something that humans have to do because we're made out of meat.
First off, putting cameras in restrooms is illegal in most places.
Regardless of that, it boils down to a legitimate company need. Ensuring that users aren't using passwords definitely passes that test. Ensuring that employees aren't sexually harassing other employees also definitely passes that test. Yes, it's unusual that a password tipped people off to bad behavior, but if you see possible evidence of bad behavior, even if it comes from a strange source, you are ethically obligated to look into it. And for a company, not doing so could create legal liability.
Now, bathrooms? Well, for starters, you said "use of work bathrooms being made public". There was nothing "public" about this password case. The password was shared, privately, with HR and the guy's manager. The closest possible bathroom analogy I can think of might be someone reporting to HR that they see someone going into the bathroom multiple times a day, coming out with white powder residue under their nose, and subsequently acting very strangely, like they're on drugs. Which... seems like an entirely appropriate thing to notice and report.