WiFi Footfall Analytics: How to Measure and Act on Visitor Data

This guide provides IT managers, network architects, and venue operations directors with a practical, technical reference for deploying WiFi footfall analytics across hospitality, retail, events, and public-sector environments. It covers the full data pipeline — from 802.11 probe request capture and RSSI-based positioning through to GDPR-compliant data processing and actionable business intelligence dashboards. Readers will leave with a clear implementation framework, real-world case studies, and the decision criteria needed to select, deploy, and optimise a WiFi analytics platform this quarter.

📖 7 min read📝 1,668 words🔧 2 examples❓ 3 questions📚 9 key terms

🎧 Listen to this Guide

View Transcript

Hello and welcome. I'm your host, and today we are diving into a critical capability for any modern physical venue: WiFi Footfall Analytics. We're going to discuss exactly how to measure and act on visitor data, looking past the marketing fluff to the technical realities of deployment.

Whether you are managing a global retail chain, a stadium, or a hospital network, understanding how people move through your space is no longer a nice-to-have; it is an operational imperative. We'll cover the architecture, the metrics that matter, and how to avoid the common pitfalls that cause these projects to fail.

Let's start with the technical deep-dive. How does this actually work? At its core, WiFi footfall analytics relies on the 802.11 protocol. Every WiFi-enabled device — smartphones, laptops, wearables — periodically sends out what are called probe requests to discover nearby networks. These requests contain the device's MAC address and a timestamp.

Your venue's WiFi access points listen for these probes. By measuring the Received Signal Strength Indicator, or RSSI, the system can estimate the distance between the device and the access point. When multiple access points hear the same probe, the analytics engine can triangulate the device's position on your floor plan.

This raw data is then aggregated and anonymised. To comply with GDPR and other privacy frameworks, the MAC addresses are typically one-way hashed at the edge before being sent to the cloud. The analytics engine then processes this data to calculate metrics like footfall count, dwell time, and return rate.

But collecting data is only half the battle. The real value comes from integration. For example, Purple's Guest WiFi platform can act as a free identity provider for services like OpenRoaming. When a user authenticates, you transition from anonymous footfall data to known-user profiles, enriching your CRM and enabling targeted marketing.

Now, let's talk about implementation recommendations and pitfalls. The most common point of failure is poor access point placement. If your APs are clustered together or placed behind structural interference, your location accuracy will plummet. You need a proper RF site survey before deployment.

Another pitfall is ignoring MAC randomisation. Modern mobile operating systems randomise MAC addresses to protect user privacy. If your analytics platform doesn't account for this, your footfall numbers will be artificially inflated. You need an engine that uses advanced heuristics or encourages user authentication to deduplicate these records.

Let's move to a rapid-fire Q&A based on common client questions.

Question one: Do visitors need to connect to the WiFi for us to count them? No. Passive scanning captures probe requests from any device with WiFi enabled, even if they don't authenticate. However, connecting provides richer demographic data.

Question two: How accurate is the location tracking? With standard WiFi, you can expect an accuracy of five to ten metres. If you need sub-metre accuracy, you should look into combining WiFi with Bluetooth Low Energy beacons or Ultra-Wideband technology.

Question three: What is the ROI? ROI comes from operational efficiency — like optimising staff schedules based on peak hours — and increased revenue through targeted retail media monetisation on the splash pages.

To summarise, WiFi footfall analytics transforms your physical venue into a measurable asset. Start with a solid RF design, ensure privacy compliance from day one, and integrate your network data with your broader business intelligence tools. Thank you for listening, and best of luck with your deployments.

Key Takeaways

✓WiFi footfall analytics uses passive 802.11 probe request capture and RSSI-based trilateration to count visitors, measure dwell time, and map movement paths across venue zones — no active connection required from visitors.
✓MAC address randomisation (iOS 14+, Android 10+) inflates raw device counts by 20–40%; always validate your platform's deduplication performance against a manual ground-truth count before presenting data to stakeholders.
✓GDPR compliance requires MAC address anonymisation at the edge (not in the cloud), a clear consent notice on the Guest WiFi captive portal, and a documented legitimate interests assessment for passive probe capture.
✓The highest ROI comes from integrating anonymous footfall data with authenticated Guest WiFi profiles, enabling return-visit tracking, CRM enrichment, and retail media monetisation on the captive portal.
✓Always establish a four-to-eight week baseline before making operational changes; WiFi footfall data is only actionable in the context of historical patterns that account for day-of-week and seasonal variation.
✓When benchmarking multiple sites, normalise footfall by venue size (visitors per 100 m²) and operating hours to produce valid like-for-like comparisons across different property formats.
✓Zone design is an operational decision: define zones at the level of actionable business decisions, not at the maximum granularity the technology supports. Start with 5–10 meaningful zones and expand as analytical maturity grows.

Executive Summary

WiFi footfall analytics converts your existing wireless infrastructure into a continuous, venue-wide measurement system. By passively capturing 802.11 probe requests from visitor devices, processing RSSI signals across multiple access points, and applying anonymisation and aggregation at the analytics layer, operators gain accurate counts of unique visitors, dwell time per zone, peak-hour distributions, and repeat-visit rates — all without requiring visitors to actively connect to the network.

For a CTO evaluating this capability, the key decision points are: accuracy requirements (standard WiFi delivers 5–10 m precision; BLE or UWB augmentation is needed for sub-metre use cases), privacy compliance posture (GDPR mandates anonymisation at the edge and transparent consent flows), and integration depth (the highest ROI comes from linking anonymous footfall data to authenticated user profiles via a Guest WiFi platform). Purple's WiFi Analytics platform addresses all three layers out of the box, covering Retail , Hospitality , Healthcare , and Transport deployments. For a broader introduction to the analytics discipline, see What Is WiFi Analytics? A Complete Guide .

Technical Deep-Dive

How WiFi Footfall Analytics Works

The foundation of WiFi footfall analytics is the IEEE 802.11 probe request mechanism. When a device's WiFi radio is active — whether or not the user is connected to a network — the device broadcasts probe requests to discover available SSIDs. These frames contain the device's MAC address, a timestamp, and supported data rates. Access points across your venue passively receive these frames and forward them, along with the measured RSSI value, to a centralised analytics engine.

The analytics engine performs four core operations. First, device detection: each unique MAC address observed within a configurable time window is counted as a distinct visitor presence. Second, positioning: by comparing RSSI values from multiple APs that heard the same probe, the engine applies trilateration or fingerprinting algorithms to estimate the device's location on the floor plan, typically to within 5–10 metres for standard 802.11ac/ax deployments. Third, dwell time calculation: the engine tracks the first and last probe observation for each device within a session, computing the duration of presence per zone. Fourth, anonymisation: MAC addresses are one-way hashed using SHA-256 or equivalent before leaving the edge, ensuring no personally identifiable information is transmitted to or stored in the cloud analytics layer.

MAC Randomisation and Its Impact

A critical technical challenge for any WiFi analytics deployment is MAC address randomisation. Since iOS 14 (2020) and Android 10 (2019), mobile operating systems randomise the MAC address used in probe requests on a per-network or per-session basis. This means a single physical device may appear as multiple distinct MAC addresses over time, artificially inflating raw footfall counts by 20–40% if not corrected.

Mature analytics platforms address this through several mechanisms: temporal clustering (grouping probe bursts from the same physical location within a short window), signal fingerprinting (matching RSSI profiles across APs to identify likely device continuity), and authenticated session binding (when a user connects via a Guest WiFi captive portal, the authenticated session MAC is linked to the probe history, providing a ground-truth deduplication anchor). For a deeper look at how positioning technologies interact with these challenges, see the Indoor Positioning System: UWB, BLE, & WiFi Guide .

Data Architecture and Standards Compliance

A production-grade WiFi footfall analytics architecture spans three tiers. The edge tier consists of the access points themselves, running firmware capable of probe frame capture and local hashing. The aggregation tier is a cloud or on-premises analytics engine that ingests hashed probe events, applies deduplication, and computes metrics. The presentation tier is the BI dashboard and API layer that surfaces KPIs to operations teams and feeds downstream systems such as CRM, workforce management, and digital signage.

From a standards perspective, the deployment must account for: IEEE 802.1X for authenticated network access (relevant when linking footfall data to known-user sessions), WPA3 for over-the-air encryption of authenticated sessions, GDPR Article 5 (data minimisation and purpose limitation — only collect what you need, for the stated purpose), and PCI DSS if the network carries payment card data alongside analytics traffic (network segmentation via VLANs is mandatory in this case).

Implementation Guide

Step 1: RF Site Survey and AP Placement

Accurate footfall analytics begins with a professional RF site survey. The goal is not just coverage — it is location resolution. For trilateration to function, each point on the floor plan must be within range of at least three access points with distinct RSSI readings. As a rule of thumb, deploy APs at a density of one per 150–200 square metres in open-plan environments, reducing to one per 80–100 square metres in areas with significant RF interference (kitchens, server rooms, dense shelving). Use predictive RF planning tools to model signal propagation before physical installation.

Step 2: Firmware and Probe Capture Configuration

Enable probe request capture on your AP firmware. Most enterprise-grade vendors (Cisco, Aruba, Ruckus, Meraki) support this natively via their location services APIs. Configure the capture interval — typically 30-second aggregation windows balance granularity against data volume. Ensure that MAC hashing is performed on-device or at the local controller before any data leaves the site boundary. This is a hard requirement for GDPR compliance.

Step 3: Analytics Engine Deployment

Connect your APs or controller to the analytics platform via a secure HTTPS/TLS 1.3 API endpoint. Configure floor plan mapping by uploading your venue's CAD or architectural drawings and calibrating the coordinate system against known AP positions. Define zones — logical areas of the floor plan (entrance lobby, food court, Zone A retail, etc.) — that will be used as the unit of analysis for dwell time and footfall reporting.

Step 4: Guest WiFi Integration

Deploy a Guest WiFi captive portal to enable the transition from anonymous probe data to authenticated visitor profiles. The splash page should present a clear, GDPR-compliant consent notice explaining what data is collected and how it will be used. Offer social login, email registration, or OpenRoaming-based authentication. Each authenticated session provides a stable identifier that the analytics engine uses to anchor deduplication and enrich footfall records with demographic and preference data.

Step 5: Dashboard Configuration and Alerting

Configure your WiFi Analytics dashboard with the KPIs relevant to your venue type. Set up automated alerts for threshold breaches — for example, a real-time alert when footfall in a specific zone exceeds 80% of historical peak capacity, triggering a staff deployment response. Schedule weekly and monthly reports for distribution to venue managers and the operations board.

Best Practices

The following practices reflect deployment experience across thousands of venues and align with IEEE, GDPR, and PCI DSS guidance.

Privacy by Design: Anonymise MAC addresses at the edge, not in the cloud. This is both a GDPR requirement and a practical data minimisation measure. Never store raw MAC addresses in your analytics database.

Baseline Before You Optimise: Run the analytics platform in passive observation mode for a minimum of four weeks before making operational changes. You need a statistically valid baseline — accounting for day-of-week variation, seasonal patterns, and event-driven anomalies — before any metric becomes actionable.

Zone Granularity: Define zones at the level of operational decision-making, not at the level of technical capability. If your operations team cannot act on sub-zone data, creating 50 micro-zones adds complexity without value. Start with 5–10 meaningful zones and expand as the team's analytical maturity grows.

Multi-Site Normalisation: When comparing footfall across sites, normalise by venue size (visitors per 100 m²) and operating hours. Raw visitor counts are misleading when comparing a 500 m² convenience store to a 5,000 m² department store.

Integrate with External Data: WiFi footfall data gains significant analytical power when correlated with external datasets — weather, local events calendars, public transport disruptions, and promotional campaign schedules. This correlation is what separates a counting system from a genuine business intelligence capability.

Troubleshooting and Risk Mitigation

Failure Mode	Root Cause	Mitigation
Footfall counts 30–50% higher than manual counts	MAC randomisation not handled	Implement temporal clustering and encourage authenticated WiFi sessions
Poor location accuracy (>15 m error)	Insufficient AP density or poor placement	Conduct RF site survey; increase AP density in problem zones
Missing data from specific zones	AP firmware not configured for probe capture	Audit AP firmware versions; enable location services on all APs
GDPR audit failure	Raw MAC addresses stored in cloud	Enforce edge hashing; conduct quarterly data flow audits
Dashboard latency >5 minutes	Analytics engine under-provisioned	Scale compute tier; implement edge pre-aggregation
Low WiFi authentication rate (<20%)	Poor splash page UX or slow captive portal	A/B test splash page designs; optimise portal load time to <2 seconds

ROI and Business Impact

The ROI of WiFi footfall analytics materialises across three categories: operational efficiency, revenue optimisation, and capital planning.

On the operational side, peak-hour data enables precise staff scheduling. A regional retail chain that shifts from fixed staffing rotas to demand-driven scheduling based on WiFi footfall data typically achieves a 12–18% reduction in labour cost per visitor served, while simultaneously improving customer satisfaction scores by reducing queue times during peak periods.

On the revenue side, dwell time data is a direct proxy for purchase intent. Zones with high footfall but low dwell time indicate a navigation or merchandising problem — visitors are passing through rather than stopping. Correcting this through layout changes or targeted digital signage can increase conversion rates by 8–15% in affected zones. Additionally, the authenticated visitor profiles generated through Guest WiFi enable retail media monetisation on the captive portal splash page, creating a new revenue stream from advertising inventory.

On the capital planning side, multi-site footfall benchmarking provides the evidence base for property portfolio decisions. Which locations are underperforming relative to their catchment potential? Which sites justify a refurbishment investment? WiFi analytics provides the continuous, objective measurement that manual footfall counters and periodic surveys cannot.

For context on how these principles extend to connected vehicle and transport environments, see Wi-Fi in Auto: The Complete 2026 Enterprise Guide and the Internet of Things Architecture: A Complete Guide .

Key Terms & Definitions

Probe Request

A management frame broadcast by any 802.11 WiFi-enabled device to discover available networks. Contains the device MAC address, supported data rates, and optionally a target SSID. The primary raw data source for passive WiFi footfall analytics.

IT teams encounter this when configuring AP firmware for location services. Understanding probe request behaviour — including the impact of MAC randomisation on probe frame MAC addresses — is essential for accurate footfall counting.

RSSI (Received Signal Strength Indicator)

A measurement of the power level of a received radio signal, expressed in dBm (typically ranging from -30 dBm at close range to -90 dBm at the edge of coverage). Used in WiFi footfall analytics to estimate the distance between a device and each access point, enabling trilateration-based positioning.

RSSI-based positioning is inherently noisy due to multipath interference, building materials, and human body absorption. IT teams should understand that RSSI accuracy degrades in environments with dense RF interference, and plan AP density accordingly.

MAC Address Randomisation

A privacy feature implemented in iOS 14+, Android 10+, and Windows 10+ that causes devices to use a randomly generated MAC address in probe requests rather than the device's permanent hardware MAC address. Designed to prevent passive tracking of individuals across venues.

The single biggest technical challenge for WiFi footfall analytics deployments post-2020. IT teams must ensure their chosen analytics platform implements deduplication heuristics to correct for randomised MACs, or footfall counts will be significantly overstated.

Dwell Time

The duration of a visitor's presence within a defined zone or venue, calculated as the time elapsed between the first and last probe request observation for a given device identifier within a session. Typically expressed as an average across all visitors in a reporting period.

Dwell time is one of the highest-value metrics in WiFi analytics. In retail, it correlates strongly with purchase probability. In hospitality, it measures guest engagement with F&B and leisure facilities. Operations teams use it to evaluate the effectiveness of layout changes and promotional activations.

Trilateration

A positioning technique that estimates a device's location by measuring its distance from three or more known reference points (access points), using signal strength (RSSI) or time-of-flight measurements. Distinct from triangulation, which uses angles rather than distances.

The positioning algorithm underpinning zone-level WiFi footfall analytics. IT teams should understand that trilateration accuracy is constrained by AP density, RF environment quality, and the precision of RSSI measurements. For higher accuracy, consider augmenting with BLE beacons or UWB anchors.

Captive Portal

A web page presented to users before they are granted access to a WiFi network, typically requiring authentication (social login, email registration, or voucher code) and consent to terms of service. In WiFi analytics, the captive portal is the mechanism that transitions anonymous probe data to authenticated user profiles.

The captive portal is the primary data collection point for GDPR-compliant first-party data capture. IT teams must ensure the portal presents a clear, granular consent notice and that the consent record is stored with a timestamp and linked to the user's profile.

Footfall Capture Rate

The percentage of pedestrians passing a venue's entrance who actually enter, calculated by dividing authenticated or detected in-venue visitors by the external pedestrian count from a street-level sensor or camera system. A key retail performance metric.

Capture rate requires an external pedestrian count data source in addition to WiFi analytics. IT teams deploying in retail environments should plan for integration between the WiFi analytics platform and entrance camera or infrared counter systems to enable capture rate calculation.

Return Visit Rate

The percentage of unique visitors who return to the venue within a defined time window (commonly 7, 30, or 90 days), calculated by matching device identifiers across sessions. Requires either stable MAC addresses (increasingly rare) or authenticated user session matching.

Return visit rate is a loyalty metric that WiFi analytics platforms can calculate at scale without requiring a formal loyalty programme. However, MAC randomisation significantly impacts accuracy for unauthenticated visitors. Authenticated Guest WiFi sessions provide the most reliable return rate data.

Zone

A named, bounded area of a venue floor plan defined within the analytics platform, used as the unit of analysis for footfall and dwell time reporting. Zones are mapped to physical coordinates on the floor plan and assigned to one or more access points.

Zone design is an operational decision, not a technical one. IT teams should work with venue operations managers to define zones that map to actionable business decisions — not the maximum granularity the technology supports. Over-granular zone definitions create analytical noise without operational value.

Case Studies

A 120-property hotel group wants to use WiFi footfall analytics to optimise lobby staffing and F&B outlet opening hours. Their existing Cisco Meraki infrastructure covers all public areas. How should they approach the deployment?

The deployment should proceed in four phases. Phase 1 (Weeks 1–2): Enable Cisco Meraki location services API on all MR series APs across the estate. Configure probe capture with a 30-second aggregation interval. Map all public-area floor plans into the analytics platform, defining zones for: main lobby, check-in desk area, restaurant entrance, bar, gym, and pool. Phase 2 (Weeks 3–6): Run in passive observation mode to establish baseline footfall patterns by hour, day, and property. Identify the peak check-in window (typically 14:00–18:00) and the F&B peak (19:00–21:00) with statistical confidence. Phase 3 (Week 7): Deploy the Guest WiFi captive portal with GDPR-compliant consent, offering social login and email registration. This transitions anonymous probe data to authenticated profiles, enabling return-visit tracking and guest preference capture. Phase 4 (Week 8 onwards): Configure automated staffing alerts — when lobby footfall exceeds 85% of the 90th-percentile historical peak, trigger a notification to the duty manager to deploy additional check-in staff. Set F&B outlet opening hours dynamically based on the previous four weeks' footfall data for that day of week. Integrate the analytics API with the property management system to correlate footfall with RevPAR and F&B revenue per cover.

Implementation Notes: This approach works because it separates the passive measurement phase from the operational change phase, ensuring decisions are based on statistically valid baselines rather than anecdotal observation. The Meraki integration is vendor-native, reducing deployment risk. The key insight is that the highest-value output is not the raw footfall count but the correlation between footfall patterns and revenue metrics — which requires the PMS integration in Phase 4. An alternative approach using third-party hardware footfall counters at entry points would provide counts but not zone-level dwell time or return-visit data, and would require separate infrastructure investment.

A 12-store fashion retail chain is evaluating WiFi footfall analytics to benchmark store performance and identify which locations are candidates for lease renegotiation. Their stores use a mix of Aruba and Ruckus APs. What is the recommended implementation approach, and what metrics should they prioritise?

Given the mixed-vendor environment, the recommended approach is to use a vendor-neutral analytics platform that ingests probe data via a standardised API from both Aruba Central and Ruckus SmartZone controllers. Step 1: Audit AP firmware versions across all 12 stores and ensure location services are enabled. Step 2: Define a consistent zone taxonomy across all stores — entrance zone, front-of-store, mid-store, fitting rooms, till area — to enable like-for-like comparison. Step 3: Establish a normalised footfall metric: unique visitors per 100 m² of trading floor per operating hour. This removes the distortion caused by different store sizes and opening hours. Step 4: Track four primary KPIs: (a) Capture Rate — the percentage of pedestrians passing the store entrance who enter (requires an external pedestrian count feed or entrance-zone WiFi data); (b) Dwell Time — average minutes per visit, segmented by zone; (c) Conversion Proximity — the percentage of visitors who reach the till area (a proxy for purchase intent); (d) Return Rate — the percentage of visitors who return within 30 days. Step 5: After 90 days of data, rank stores by normalised footfall and dwell time. Stores in the bottom quartile on both metrics, in locations with strong external pedestrian counts, are candidates for lease renegotiation or format change rather than closure.

Implementation Notes: The normalisation step is critical and frequently overlooked. Without it, the largest store always appears to perform best on raw counts. The four-KPI framework maps directly to the retail conversion funnel: awareness (capture rate), engagement (dwell time), intent (conversion proximity), and loyalty (return rate). The mixed-vendor environment is a common real-world constraint; the solution correctly identifies that the analytics platform must be vendor-neutral rather than relying on a single vendor's proprietary location services. The 90-day baseline before making property decisions is a minimum — seasonal variation means a full 12-month dataset is preferable for lease decisions.

Scenario Analysis

Q1. You are the IT Director for a 25-site quick-service restaurant chain. The operations team wants to use WiFi data to optimise kitchen staffing in real time. Your current AP estate is a mix of consumer-grade routers installed by individual franchisees. What are the three most critical infrastructure decisions you need to make before the analytics project can proceed?

💡 Hint:Consider the gap between consumer-grade and enterprise-grade AP capabilities, the need for centralised management, and the data privacy implications of collecting location data in a food service environment.

Show Recommended Approach

The three critical decisions are: (1) AP estate standardisation — consumer-grade routers do not support probe request capture APIs or centralised location services. You must mandate a migration to enterprise-grade APs (e.g., Cisco Meraki, Aruba Instant-On, or equivalent) across all 25 sites before analytics deployment is feasible. Budget for this as a prerequisite capital project. (2) Centralised controller or cloud management — with 25 sites and multiple franchisees, you need a single cloud management platform that aggregates probe data from all sites into one analytics engine. Decentralised management makes cross-site benchmarking impossible. (3) GDPR and data governance framework — collecting location data in a public food service environment requires a clear legal basis (legitimate interests assessment is the most appropriate basis for anonymous footfall analytics), a privacy notice update, and a data retention policy. Franchisees are likely joint data controllers, which requires a formal data sharing agreement. Without this framework, the project carries regulatory risk that outweighs the operational benefit.

Q2. A stadium operator has deployed WiFi footfall analytics across a 60,000-capacity venue. After three months, the analytics platform reports an average of 85,000 unique devices per event — significantly higher than the ticket sales figure. The vendor claims the data is accurate. What is the most likely technical explanation, and how would you validate it?

💡 Hint:Think about the multiple sources of device signals in a dense stadium environment and the specific challenges of MAC randomisation in high-density settings.

Show Recommended Approach

The most likely explanation is a combination of three factors: (1) MAC randomisation inflation — in a dense environment with 60,000 people, each person's device may generate multiple distinct randomised MAC addresses over a 3-hour event, each counted as a unique device. Without robust temporal clustering and session stitching, this alone can inflate counts by 30–50%. (2) Multiple devices per person — stadium attendees frequently carry smartphones, smartwatches, and tablets simultaneously, each generating independent probe streams. (3) External device bleed — in an urban stadium, probe requests from devices in adjacent streets, car parks, and public transport may be captured by perimeter APs. To validate, run a controlled calibration event: sell exactly 1,000 tickets to a section of the venue, count the physical attendees manually, and compare against the WiFi count for that section's APs only. If the WiFi count exceeds 1,000 by more than 20%, the deduplication algorithm requires tuning. The vendor should be able to demonstrate their MAC randomisation handling methodology and provide calibration data from comparable dense-venue deployments.

Q3. A regional shopping centre operator wants to use WiFi footfall analytics to provide tenant retailers with monthly performance reports, benchmarking each store's dwell time and footfall against the centre average. The legal team has raised concerns about sharing this data with third-party tenants. How do you structure the data sharing to address these concerns while still delivering value to tenants?

💡 Hint:Consider the difference between sharing raw data and sharing aggregated, anonymised benchmarks, and the contractual framework needed for legitimate data sharing with tenants.

Show Recommended Approach

The legal concern is valid but manageable with the right data architecture. The solution has three components: (1) Aggregation threshold — never share data for any reporting period where the visitor count for a specific zone falls below 50 unique devices. This prevents re-identification of individuals from small-sample datasets and is consistent with GDPR anonymisation guidance from the ICO and EDPB. (2) Relative benchmarking only — share each tenant's metrics as an index relative to the centre average (e.g., 'your dwell time is 18% above the centre average for comparable retail categories'), not as absolute counts. This prevents tenants from inferring competitor performance from the benchmark data. (3) Contractual framework — include a data sharing clause in the tenant lease agreement that specifies: the legal basis for sharing (legitimate interests of the centre operator and tenant for performance management), the data categories shared (aggregated, anonymised footfall and dwell time indices), the retention period, and the prohibition on tenants attempting to re-identify individuals. With this structure, the data sharing is both legally defensible and commercially valuable.