There has been an explosion in uses of educational technology (EdTech) to support schools’ teaching, learning, assessment and administration. This article asks whether UK EdTech and data protection policies protect children's rights at school. It adopts a children's rights framework to explore how EdTech impacts children's rights to education, privacy and freedom from economic exploitation, taking Google Classroom as a case study. The research methods integrate legal research, interviews with UK data protection experts and education professionals working at various levels from national to local, and a socio-technical investigation of the flow of children's data through Google Classroom. The findings show that Google Classroom undermines children's privacy and data protection, potentially infringing children's other rights. However, they also show that regulation has impacted on Google's policy and practice. Specifically, we trace how various governments’ deployment of a range of legal arguments has enabled them to regulate Google's relationship with schools to improve its treatment of children's data. Although the UK government has not brought such actions, the data flow investigation shows that Google has also improved its protection of children's data in UK schools as a result of these international actions. Nonetheless, multiple problems remain, due both to Google's non-compliance with data protection regulations and schools’ practices of using Google Classroom. We conclude with a blueprint for the rights-respecting treatment of children's education data that identifies needed actions for the UK Department for Education, data protection authority, and industry, to mitigate against harmful practices and better support schools.