The Belgian DPA held that a father alone could not submit an access request to a controller on behalf of a child, where the mother shares parental authority.
We already knew that when parents are divorced and share custody an access request (or another request under the GDPR) must be made, or approved, by both parents. In this case it seems that — although I am going off on the machine translation of the decisions (my French is a bit rusty ) — the parents are still together (albeit in the process of filing for divorce).
This essentially puts the obligation on the controller where an request is on behalf of a child to make sure - regardless of the existence of another guardian or parent - to check of a) there’s another individual holding parental responsibility or not; and b) check whether that individual authorizes it as well.
This will of course be a significant burden for controllers, which aren’t always aware of the legal situation concerning responsibility / guardianship of a child.