k - RDF-neighbourhood anonymity. Combining structural and attribute-based anonymisation for linked data

We provide a new way for anonymising a heterogeneous graph containing personal identifiable information. The anonymisation algorithm is called k -RDF-neighbourhood anonymity, because it changes the one hoop neighbourhood of at least k persons inside an RDF graph so that they cannot be distinguished. This enhances the privacy of persons represented in the graph. Our approach allows us to control the loss of information in different parts of the graph to adjust the trade-off between full privacy and data utility. In particular, we can control the weighting of subgraphs induced by individual properties as well as the weighting of attributes represented by literals. To the best of our knowledge, our approach is the first one which considers all subgraphs of an RDF graph at the same time during the anonymisation, instead of projecting the graph into its subgraphs, anonymising each subgraph separately, and them merging the anonymised subgraphs again. In addition, our approach allows partial anonymisation of RDF graphs, for use cases in which only specific entity types need to be protected. We conducted an experiment, which shows that the overall loss of information after anonymising the graph is smaller, if the anonymisation takes all parts of the graph into account, instead of focusing only on either the structure or only on the attributes of the graph.