http://www.heise.de/artikel-archiv/ct/2011/25/42_kiosk - Thanks to Subatomic. Unfortunately it is in German. My copy is in Dutch...
Basically, they monitored a version of Origin using Process Monitor. Their results were that Origin only scans its own folder. When Origin scans other things, such as programdata and the registery, this is not actually Origin at work. It is Windows working trough Origin, who always does scans like that when a program makes an HTTPS connection. It does this to check if all the certificates for HTTPS connections are still in order.
CT magezine also noted that Origin does not automatically detect any EA games already installed on your computer, and the only way to add games to Origin is to enter their respective CD key. They subsequently cracked an EA game and luanched it trough Origin, which worked just fine.
The conclusion was that no data is ever collected by origin. No extensive study of the connection between Origin and the EA servers was done, because a program dat does not collect data can not send it.