Imagine the legal consequences too, when the services you host make sent personal data to an (otherwise valid) data processor, but surprise the network-wide policy sent traffic went through a random third party that is not part of the Data Processing Agreement and privacy policy given to the end-user/data subject...