(Not asking for legal advice; but your thoughts, experiences, and opinions.)
Say your main website is on the web, but some resources on it are fetched from a DNSLink enabled subdomain. Meaning that those resources may be retrieved from other users over IPFS which has some privacy implications. This is how DTube works, for example (they notably don’t have a privacy policy.)
How on Earth do you explain that in your website’s privacy policy?
Windows Update has Delivery Optimization, which is essentially the same thing and shares the same challenges as IPFS when it comes to privacy and privacy policies. Microsoft simply doesn’t acknowledge that there is any issues and sticks to explaining that Windows will “look for updates on other PCs”. https://privacy.microsoft.com/en-us/windows-10-windows-update-delivery-optimization
Update: Microsoft uses a cloud-service to discover peers (like a BitTorrent tracking server) so you’re not making broadcast requests like DHT but you still receive the IP address of other Windows users from Microsoft’s servers.