A recent report however claims that with the new Spotlight feature, "Apple has begun automatically collecting the locations of users and the queries they type when searching for files with the newest Mac operating system."
The Washington Post in its report claims, "Once Yosemite is installed, users searching for files - even on their own hard drives -- have their locations, unique identifying codes and search terms automatically sent to the company, keystroke by keystroke. The same is true for devices using Apple's latest mobile operating system, iOS 8."
A simple explanation could be the keystrokes are being sent to Apple for offering autocomplete and similar features. With location becoming an important part of search on the go, it makes sense that Apple might be customising results based on where you are. So what does the company say?
Apple responded to the Washington Post report, defending Spotlight. It told iMore in a statement, "We are absolutely committed to protecting our users' privacy and have built privacy right into our products. For Spotlight Suggestions we minimise the amount of information sent to Apple. Apple doesn't retain IP addresses from users' devices. Spotlight blurs the location on the device so it never sends an exact location to Apple. Spotlight doesn't use a persistent identifier, so a user's search history can't be created by Apple or anyone else. Apple devices only use a temporary anonymous session ID for a 15-minute period before the ID is discarded"
Apple added that users can opt out of the Spotlight Suggestions, Bing Web Searches, or even Location Services for Spotlight, but of course, this would mean Spotlight would once again be limited to searching on the iOS or Mac device.
To make suggestions more relevant to users, Spotlight Suggestions includes user context and search feedback with search query requests sent to Apple. Context sent with search requests provides Apple with: i) the device's approximate location; ii) the device type (e.g., Mac, iPhone, iPad, or iPod); iii) the client app, which is either Spotlight or Safari; iv) the device's default language and region settings; v) the three most recently used apps on the device; and vi) an anonymous session ID. All communication with the server is encrypted via HTTPS.