In the past you could block users from accessing sites at work by configuring the proxy/firewall. Don't want them looking at Facebook, block Facebook at the proxy. Don't want them trawling torrent sites at work? Block the traffic at the perimeter. Don't want them looking at porn, gambling, or sports sites? Block the traffic at the perimeter. If a computer was connected to the organizational network, all the traffic had to go through a gateway you controlled on the perimeter network. Although there were a few smart users who got around this restriction by using TOR, for the most part administrators could enforce an "acceptable use" policy when it came to browsing at the network level. Users didn't browse verboten sites because they were incapable of doing so.
So how does "acceptable use" work in an age of BYOD? If the devices are all using the organizational network, it's not a problem. You can still block traffic at the network level. However increasing numbers of BYOD devices come with their own internet connections. You can't block someone from visiting Facebook at the perimeter if they're using their own connection to route around your blockade.
This is one of the many challenges that organizations that allow BYOD face. Organizations restrict browsing for a variety of reasons. Productivity is definitely part of the reason, but hostile workplace lawsuits are also more possible if BYOD users start browsing some of the darker places of the internet. What will complicate matters is that when people use their own internet connections to browse verboten sites, there won't be any proxy logs to confirm or deny that the activity occurred.
It would be nice to assume that people will simply follow the rules and not browse problematic sites, but the reality is that people have a different perception of what constitutes "acceptable usage" when they are using their own device.
Prior to allowing open slather BYOD in your organization, remember that a many of the existing policies regarding acceptable use and behavior are going to need to be revisited.
