Continuous (and implicit or passive) authentication is a big theme these days, and it got a lot of airtime at last week's Cloud Identity Summit.
The premise is that by constantly comparing the user's current context to a pattern established over time, we can have greater confidence that they are still who they claimed to be at the initial explicit, discrete authentication event (typically a password or a FIDO authentication).
Context might include the user's geo-location, IP address, device characteristics, or their interactions with the application (e.g. err, why is Bob moving all his funds out of the account?).
From the enterprise's point of view, the payoff is an assurance curve that doesn't drop as precipitously after the login event; from the user's, a less intrusive authentication UX.
Where the comparison between the current and established context occurs will determine the privacy characteristics. In the FIDO model the biometric template never leaves the device, so that is where the comparison happens; there will be similar privacy advantages to comparing the continuous authentication factors against the previously established patterns 'locally' rather than on the server.
If the comparison happens locally, then the server need not 'see' the specifics of the user's behavior but only the calculated result of the comparison, (e.g. 'yes it looks like Paul'). All else being equal, the less the authentication server knows about the user's behavior, the better for privacy.
Of course, some factors will lend themselves to such a local check better than others. It's easier to imagine the phone itself comparing past patterns of the user's walking gait (as measured by the phone's accelerometer). But application specifics, like the suspicious funds transaction mentioned above, necessarily imply the application being involved.
As in the FIDO model, a successful authentication 'to' the phone through some continuous authentication mode could release a previously established key. The key would sign something for the server (in FIDO, a fresh server-issued challenge, so the assertion cannot be replayed), and that signature is the means by which the fact of the local authentication, and nothing about its inputs, is communicated to the server.
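To make the pattern concrete, here is an added example (not code from the post or from any FIDO implementation) of the local-comparison and key-release flow described in the last few paragraphs. The gait-style feature vector, the Euclidean distance check, the threshold and the relying-party name are all constructed assumptions; the point is that the template and the current measurements stay on the device, and the server only ever sees a signature over a challenge it issued.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
	"math"
)

// Features is a constructed stand-in for an on-device behavioural signal
// (e.g. a few accelerometer-derived gait statistics). Real systems use
// richer models; the point here is only where the comparison happens.
type Features []float64

// Device keeps the established pattern and the private key. Neither the
// template nor the current measurements ever leave the device.
type Device struct {
	template  Features
	threshold float64 // assumed tolerance; tuning is out of scope here
	priv      ed25519.PrivateKey
}

// Server holds only the public key registered at enrolment and the
// challenges it has issued. It never sees behavioural data.
type Server struct {
	pub     ed25519.PublicKey
	pending map[string]struct{}
}

// Enroll establishes the template on the device and registers the public
// key with the server: the one-time explicit step the post refers to.
func Enroll(template Features, threshold float64) (*Device, *Server, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	dev := &Device{template: template, threshold: threshold, priv: priv}
	srv := &Server{pub: pub, pending: make(map[string]struct{})}
	return dev, srv, nil
}

// distance is the (deliberately simple) Euclidean comparison used locally.
func distance(a, b Features) (float64, error) {
	if len(a) != len(b) {
		return 0, errors.New("feature length mismatch")
	}
	var sum float64
	for i := range a {
		d := a[i] - b[i]
		sum += d * d
	}
	return math.Sqrt(sum), nil
}

// LocalCheck is the on-device comparison against the established pattern.
func (d *Device) LocalCheck(current Features) bool {
	dist, err := distance(d.template, current)
	return err == nil && dist <= d.threshold
}

// assertionBytes binds the assertion to the relying party and to a fresh
// server challenge, so a signature can't be replayed or redirected.
func assertionBytes(rpID string, challenge []byte) []byte {
	return append([]byte("continuous-auth:"+rpID+":"), challenge...)
}

// Assert releases the key (i.e. signs the challenge) only if the local
// check passes. The server receives the signature, not the features.
func (d *Device) Assert(rpID string, challenge []byte, current Features) ([]byte, error) {
	if !d.LocalCheck(current) {
		return nil, errors.New("local continuous-auth check failed; key not released")
	}
	return ed25519.Sign(d.priv, assertionBytes(rpID, challenge)), nil
}

// NewChallenge issues a random, single-use nonce.
func (s *Server) NewChallenge() ([]byte, error) {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		return nil, err
	}
	s.pending[string(c)] = struct{}{}
	return c, nil
}

// Verify accepts an assertion only for a challenge it issued and has not
// seen consumed before, then checks the signature under the enrolled key.
func (s *Server) Verify(rpID string, challenge, sig []byte) bool {
	if _, ok := s.pending[string(challenge)]; !ok {
		return false // unknown or already-consumed challenge (replay)
	}
	delete(s.pending, string(challenge))
	return ed25519.Verify(s.pub, assertionBytes(rpID, challenge), sig)
}

func main() {
	dev, srv, _ := Enroll(Features{1.0, 0.5, 0.2}, 0.3) // constructed template
	ch, _ := srv.NewChallenge()
	sig, err := dev.Assert("bank.example", ch, Features{1.05, 0.48, 0.22})
	fmt.Println("genuine user verified:", err == nil && srv.Verify("bank.example", ch, sig))
	ch2, _ := srv.NewChallenge()
	_, err = dev.Assert("bank.example", ch2, Features{1.8, 0.1, 0.9})
	fmt.Println("impostor key released:", err == nil)
}
```

The server-side `Verify` deliberately consumes the challenge before checking the signature, so a captured assertion is useless a second time, and the relying-party identifier is folded into the signed bytes so an assertion minted for one service cannot be presented to another. Swap the distance check for whatever model the device actually runs; nothing on the server side has to change, which is the privacy property the post is after.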
Get used to the pattern: first the user authenticates to the device, and second the device reports the same to the server. While the device in question is currently a phone, in the near future it will be every other thing we have with us.