Given manufacturer’s trends of enabling the privacy feature of randomizing the MAC address every n minutes, it would take some serious effort and analysis to reverse these general trends into individuals. I’ve linked a relevant article in the bibliography about these kinds of attacks [1] but in general, at least with user numbers in the hundreds, it would be very difficult.
Just skimming that paper, it doesn't look like they made use of any kind of fingerprinting. The paper below shows how BLE devices can be profiled to extract a potentially unique fingerprint. I don't know how well this would scale to large numbers of devices, but I'd imagine if you used such a fingerprint, you could dramatically improve the association between randomized MAC addresses even if the fingerprint is not 100% unique.
Here's a camera based video people counter.[1] This is a bit less intrusive.
[1] https://github.com/saimj7/People-Counting-in-Real-Time