Many companies want to keep their customer data private to make their customers happy. However, companies like PayPal can be held responsible by governments when customers data involves illegal content. PayPal is concerned about costly government lawsuits when someone they do business with is in violation of the law. Therefore, PayPal has an incentive to demand that companies they do business with monitor their customer's data.
It is my belief that PayPal as a business can certainly set its own policies and procedures just as any other business can. If PayPal wants to make monitoring customer data a requirement for its users and a potential user does not want to do that, it is the user's decision as to if they become or remain a PayPal user.
PayPal made headlines when they asked Seafile (a German knockoff of Dropbox) to monitor customer data in case illegal content is shared through the system. PayPal was right to make this request: they are a company that bills itself as a new kind of economy, and keeping illegal activity in check is part of maintaining a healthy economy.
No, PayPal has no right to demand monitoring of customer data. My viewpoint is that only a court of law should have the power to order a company to monitor its users' data. What PayPal is demanding of Seafile is a warrantless search, and a corporation has no legal standing to make such demands. This is especially in the European Union, where data protection laws are very strong.