Do you pay for Privacy in Online learning?

Fix an instance domain $\mathcal{X}$ and a binary hypothesis class $\mathcal{H} \subseteq \{0,1\}^{\mathcal{X}}$. In the realizable online (mistake-bound) model, an adversary chooses a length-$T$ labeled sequence $S=((x_1,y_1),\dots,(x_T,y_T))$ such that there exists $h^*\in\mathcal{H}$ with $y_t=h^*(x_t)$ for all $t\in[T]$. An (interactive, possibly randomized) learner $\mathcal{A}$ operates for $t=1,\dots,T$: it observes $x_t$, outputs a prediction $\hat y_t\in\{0,1\}$, then observes $y_t$, incurring a mistake if $\hat y_t\neq y_t$. Let the transcript (output) of $\mathcal{A}$ on $S$ be the full prediction sequence $\mathcal{A}(S)=(\hat y_1,\dots,\hat y_T)$ (a random variable over the learner's internal randomness).

Adjacency: Two labeled sequences $S,S'$ of the same length $T$ are adjacent if they differ in exactly one position, i.e., there exists a unique $t\in[T]$ with $(x_t,y_t)\neq (x'_t,y'_t)$ and $(x_s,y_s)=(x'_s,y'_s)$ for all $s\neq t$.

Online differential privacy (transcript DP): $\mathcal{A}$ is $(\varepsilon,\delta)$-differentially private if for all adjacent $S,S'$ and all measurable events $E$ over transcripts,

Mistake-bound learnability: $\mathcal{H}$ is (non-privately) learnable in the mistake-bound sense if there exists a finite $M(\mathcal{H})$ and an online algorithm $\mathcal{A}$ such that for every realizable sequence (any $T$), the expected number of mistakes of $\mathcal{A}$ is at most $M(\mathcal{H})$.

Online-DP mistake-bound learnability: $\mathcal{H}$ is online-DP-learnable if for every $\varepsilon>0$ and $\delta\in[0,1)$ there exists an online algorithm $\mathcal{A}_{\varepsilon,\delta}$ that is $(\varepsilon,\delta)$-DP (as above) and has a finite mistake bound $M_{\varepsilon,\delta}(\mathcal{H})$ on every realizable sequence (uniformly over $T$).