The surveillance economy made a specific bet: that individual-level data — who visited, how long they stayed, what they looked at — is more valuable than aggregate intelligence. That bet is being tested now, and the results are not kind to it.

Regulation in MENA is not following the permissive trajectory that characterised early-2010s tech markets in the West. The UAE's Personal Data Protection Law is in force. The AI Charter sets explicit bars on demographic inference and discriminatory models. Saudi Arabia's PDPL is modelled on frameworks that treat personal data as a fundamental right, not a commercial asset to be optimised.

The compliance retrofit problem

Operators who built intelligence stacks on individual-level data — face imagery, cross-session tracking, demographic profiling — are now facing a choice: retrofit compliance or accept liability exposure. Neither is cheap. A compliance retrofit on a system that was architecturally designed to collect personal data typically costs more than the original build. In some cases, the architecture cannot be made compliant at all without replacing it.

Canopy was designed from first principles to produce intelligence without ever touching personal data. The output of the Canopy pipeline is a time-series of counts and events — headcount, entry rate, dwell distribution, queue length. These are structural properties of a space, not records of individual behaviour. They cannot be reverse-engineered to identify a person.

Aggregate signals are sufficient for every commercial decision that matters

The objection to aggregate intelligence is that you lose resolution. That objection misunderstands what operators actually need.

A mall operator deciding whether to renew a tenant's lease does not need to know that a specific individual visited the anchor store fourteen times in Q1. They need to know that foot traffic to the anchor is up 12% quarter-over-quarter, that average dwell in the food court increased after the tenant mix change, and that the west corridor is underperforming despite being on the primary pedestrian route.

All of those signals are aggregate. None of them require personal data. And all of them are commercially actionable in a way that individual-level data is not, because aggregate signals are what lease negotiations, capital allocation decisions, and operational planning actually run on.

The commercial durability argument

Aggregate intelligence is more commercially durable for three reasons:

First, it does not create liability. A data breach in a surveillance-based system exposes personally identifiable information. A data breach in a Canopy deployment exposes counts and events — information that has no personal dimension and therefore no breach notification requirement and no individual harm.

Second, it does not require regulatory monitoring. Compliance with PDPL, the AI Charter, and SIRA is not a function that Canopy's clients need to maintain over time, because compliance is structural. There are no personal data flows to audit, no consent mechanisms to maintain, no DPO engagements to manage.

Third, it does not create adversarial relationships with the public spaces it operates in. Surveillance-based intelligence creates a social overhead: the knowledge, or suspicion, that a space is tracking individuals. Aggregate intelligence does not. The infrastructure is the same — the same cameras, the same compute — but the social contract with the people moving through the space is entirely different.

The operators who make the architectural choice now will not need to revisit it. That is the commercial case for privacy-preserving intelligence. It is not a values argument. It is an infrastructure argument.