Solutions to TLS 1.3 decryption

It’s not about you sifting through the data to find out where your employees are browsing. It’s about detecting malicious payload, first and foremost. DLP is an added bonus (and if required, can only be useful if SSL/TLS is being decrypted).

Simple example:

A user downloads something from the internet over an encrypted TLS session. Your firewall can’t know what’s inside. It could be a piece of malware. If the firewall can decrypt the session, it can detect the malware inside.

And by the way, you cannot see the full URL on TLS sessions. Only the FQDN.

Not at all. The firewall does this for you. You set a policy and the firewall acts accordingly. That being said, having to “sort through a lot of data” isn’t a good enough reason to sacrifice on your security posture.