The digital age has brought new possibilities and potency to state surveillance activities. Of significance has been the advent of bulk communications data monitoring, which involves the large-scale collection, retention and subsequent analysis of communications data. The scale and invasiveness of these techniques generate key questions regarding their ‘necessity’ from a human rights law perspective and they are the subject of ongoing human rights-based litigation. This article examines bulk communications data surveillance through the lens of human rights law, undertaking critical examination of both the potential utility of bulk communications surveillance and – drawing on social science analysis – the potential human rights-related harm. It argues that utility and harm calculations can conceal the complex nature of contemporary digital surveillance practices, rendering current approaches to the ‘necessity’ test problematic. The article argues that (i) the distinction between content and communications data be removed; (ii) analysis of surveillance-related harm must extend beyond privacy implications and incorporate society-wide effects; and (iii) a more nuanced approach to bulk communications data be developed. Suggestions are provided as to how the ‘necessity’ of bulk surveillance measures may be evaluated, with an emphasis on understanding the type of activity that may qualify as ‘serious crime’.