There's a conceptually linked concept called the PAR (Payment Account Reference) which some payment systems return.

You can't transact with it directly, but theoretically it refers to the same payment instrument whether you accessed it by the 16-digit PAN on the card, a mobile wallet that generates a new dPAN each time, or a token that corresponds to a secure vault platform.

It's useful for things like transit payments where someone might tap their card when entering the train and their phone when exiting, and they need to treat them as equivalent for "fares for a single traveller/card can be no more than $x per day"

If a given retailer gets the same number off your card each time you do contactless, then that retailer /could/ track you via that number.

If all retailers get the same number, then they can each track you, and correlate your purchases between themselves.

Note, there just needs to be /some/ constant number from whatever comes through via contactless, the number does not have to be the magic numbers that post the sale to the card.

It doesn't rotate. Also it looks like if you use the contactless method built into the actual card it doesn't use a different number.