It's a good question.
On a necessity test, I would say that the principle is already embedded in what we do every day. We don't collect information which we have no legal authority to collect. And we don't use it for a purpose for which we should not be using it.
A necessity test, in theory, seems to be a good idea; in practice, I'm not sure how you would apply it, especially with the vast amount of information that we all collect to fulfill our mandates.
Whatever the test, if ever it were embedded in legislation, would have to be operationally feasible, because you have to be able to collect information in real time. I don't know how that would also affect past collection, when the legislation is introduced. Would you have to go back and do a necessity test, or prove that you do indeed have a need to collect that information, or would it start when the new legislation is implemented? There are a lot of unknowns.
My main preoccupation would be for operational reasons. How do you practically implement that and make it work?