Sending the content of every search request to Apple? Notifying Apple if the user sets up a non-Apple email account? That's a blatant violation of the Computer Fraud and Abuse Act unless Apple properly discloses that up front and gets the user's consent.
Apple didn't do that.
The EULA for MacOS isn't on line on Apple's own site. This matters. It violates the FTC's "clear and conspicuous" rule on disclosures. It's just like bundling spyware, which the FTC and state attorneys general have routinely hammered vendors for trying.
This puts Apple in the uncomfortable position Sony was in when they put a root kit on an audio CD.