This is a very tricky issue.
AFAIK under the Education Act a Parent has rights to see an data/information that a school stores in connection with their child. It could be argued that this includes emails. This clause overrides the DPA as if it didn't a student could bar a Parent from seeing their school report etc. A schools does have a get out clause if they believe the information could endanger the child.
The big NO is that the parent would have access to other students email address.
The only out would be if you printed out every single email censored all the personal information to other users and then photo copied it (this would remove the possibilityof see the removed text) then give it the parent if that successfully argued that they are entitled under the Education Act.
As above ... the child is year 7 ... this means that even under EU laws on data ownership (part of the root of the DPA remember) that the age for taking ownership of data is over 12 years old. This is commonly translated as 13, but could be interpreted as 12 years and one day. If the child is not over 12 then the parent is the data owner on the child's behalf.
The parent could assert their right to access all information about their child, but you would have to ask them if it was down to a known or perceived concern. In which case the CPO would take over and a suitable compromise is that the Dad tells the CPO the concern, who may then ask you to allow them to check over some emails, or adapt whatever filtering you use to try and see what is going on.
Let Dad know that if it is ever found out that he was snooping on the email then the child *will* find other ways of passing illicit messages to others. It could be via SMS, it could be pieces of paper ... it is amazing the lengths kids go to when it comes to sharing stuff with one another.
So ... privacy laws only come into effect if they are not superceded by child protection and child welfare issues. If it is something serious the Dad should share it with the CPO. If the Dad refuses to share it, or it is a control thing then you might find the CPO asking if they (the CPO) can monitor the email just in case the CPO needs to raise a concern with others about the parent (social services, police, etc).
There is the other slight problem. If they are wanting access to the POP details, unless they are careful and don't download from the server then it will be obvious when the child's emails go missing. If you are going to snoop on your own kids then there are far better ways than this.
Great comment GrumbleDook thanks for the information!
Thanks GrumbleDook - that is exactly what I was after. Thank you, very informative.
I'll speak with SLT and let you know the outcome.
No way for all the well expressed reasons above!
But as hinted at by one poster, you would be providing a means by which an adult could pose as a child within your email system - and if that doesn't make your blood run cold................
I have found this thread most informative, as the more learned responses are just what we need, my reply is instictive
We don't let the pupils send or receive external emails
They have webmail access but the only real danger would be peer bullying, we don't allow IMAP or POP3
That said, if we did allow external mail, I would be very dubious of allowing Mum/Dad access to their childs email info
But, then I am a Dad, and find myself thinking the same as the Dad from the OP.
I do have a workaround - a sort of "Journal" account for that child, that the parent(s) could have access to..
Taking GrumbleDook's post into account, then we would need to advise pupils >12 (Y8?) that they can be seen by Mum & Dad, and they (Pupil/Mum+Dad) would need to sign a consent form of sorts to allow this.