Well, the privacy statement is here - http://www.pathintelligence.com/en/products/footpath/privacy
"In developing FootPath™ we have ensured that you cannot, at any time, be personally identified as a result of your travel through premises in which FootPath™ operates.
FootPath™ detects only a regularly changing, random number which contains no personal information. As we do not access this information in real time, or divulge this information to any third parties, it is not practicably possible for you to be identified by the operation of FootPath™.
We have consulted with various privacy groups and the Office of the Information Commissioner to ensure that our operating procedures protect your privacy. In particular we ensure that your privacy is protected by the following means:
Security - our detector units are secure and are accessible only by our highly trained personnel. Staff at shopping centres do not have access to our detector units. This ensures that information detected by our units cannot be combined with other information from other systems that may allow you to be identified (for example, a CCTV camera in a shopping centre).
Aggregation - Aggregated data is collected from our detector units and sent off to our offices the evening following the day in which the data was collected. Accordingly, it is not possible to match your individual movements with the aggregated data collected by the detector units. By way of example, we may inform a client that 500 people that visited John Lewis also went on to visit Marks and Spencer on a particular day.
Anonymised data - The analysis of the path information obtained by FootPath™ is provided to each client in anonymised, aggregated form only. It is therefore impossible for a client to identify you by linking the contents of our analysis with, for example, images from their CCTV system.
Commitment to privacy - as a voluntary 'fail-safe' mechanism, we have also agreed, as a company, not to access any information that would allow us, or a third party to link any path information with any other data or information that would allow you to be identified"
Which certainly leaves a lot of open questions...