The "standard" book (Dwork & Roth, 2014) defines Privacy loss as follows (p. 18)
The quantity
$$
\mathcal{L}^{(\xi)}_{\mathcal{M}(x) || \mathcal{M}(y)} = \ln \left(
\frac{\Pr[\mathcal{M}(x) = \xi]}{\Pr[\mathcal{M}(y) = \xi]}
\right)
$$
is important to us; we refer to it as the privacy loss incurred by observing $\xi$. [...] As always, the probability space is over the coins of the mechanism $\mathcal{M}$.
So it doesn't say that it's a random variable.
From my point of view, it is just a real-valued function $\mathcal{L}: (\mathcal{M} \times x \times y \times \xi) \to \mathbb{R}$ as it outputs log of the ratio of two probabilities (numbers betw. 0 and 1).
The "probability space is over the coins" is a bit confusing, but I guess they refer here to the $\Pr[.]$ functions, since $\mathcal{M}$ are probability densities or discrete distributions.
However, on many places I have encountered the privacy loss random variable, e.g. here:
Abadi, M., Chu, A., Goodfellow, I., McMahan, H. B., Mironov, I., Talwar, K., & Zhang, L. (2016). Deep Learning with Differential Privacy. Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, 308–318. https://doi.org/10.1145/2976749.2978318
Privacy loss is a random variable dependent on the random noise added to the algorithm. [...] We instead compute the log moments of the privacy loss random variable, which compose linearly. We then use the moments bound, together with the standard Markov inequality, to obtain the tail bound, that is the privacy loss in the sense of differential privacy.
Or here:
http://www.gautamkamath.com/CS860notes/lec5.pdf
Definition 2. Let $Y$ and $Z$ be two random variables. The privacy loss random variable $\mathcal{L}_{Y||Z}$ is [...]
My question is: If privacy loss is a random variable, it must have a corresponding probability distribution, that is to integrate to 1. But this doesn't seem to be the general case of a log of ratio of two PDFs (Laplace, Gaussian) or discrete distributions (Exponential mechanism, etc.). It is also never mentioned as a condition for the privacy loss.
So: Am I missing something or is it just a misleading (semantically wrong) name?