It is pretty clear that a single piece of data gathered by this system is fairly useless. But the more data an entity has gathered, the more complete a picture it can paint.
If the server is malicious (think a government doing surveillance), the data from passive fixed beacons can be linked with the identity of the person uploading keys, via the IP address (when keys are uploaded) or via facial recognition from cameras placed next to Bluetooth receivers. This data can also be linked with data from fixed beacons in other places, which would allow someone to be tracked across a variety of places.