Hi Albert,
the key point here is that www-data should not be able to write/remove any Moodle code file to prevent issues, regardless of the file being owned by www-data.
What matters is www-data being able to access the Moodle code, i.e. to traverse the Moodle folders and to read the Moodle code files.
That is the end goal: the way you could achieve it depends on some policies, starting from who is in charge of deploying the files (including the updates) and so on.
HTH,
Matteo
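
An added example, not part of Matteo's post: a read-only audit that lists, for the web server account, the code paths it could write to and the paths it cannot read or traverse. It evaluates only the classic owner/group/other mode bits (ACLs are ignored); the function names, the sample tree and the uid/gid values are assumptions constructed for illustration.

```python
import os
import stat
import tempfile

def access_bits(st, uid, gids):
    """rwx bits (0-7) the mode grants to uid/gids: owner class first, then
    group, then other. ACLs and root's override are deliberately ignored."""
    if st.st_uid == uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7

def audit_code_tree(root, uid, gids):
    """Return (writable, unreachable) path lists for the given account."""
    writable, unreachable = [], []
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits carry no meaning
            bits = access_bits(st, uid, gids)
            # directories need r+x (list and traverse), files need r
            need = 5 if stat.S_ISDIR(st.st_mode) else 4
            if bits & 2:
                writable.append(path)      # account could modify code
            if (bits & need) != need:
                unreachable.append(path)   # account cannot serve this path
    return sorted(writable), sorted(unreachable)

def build_sample_tree():
    """Constructed sample standing in for a Moodle code directory."""
    root = tempfile.mkdtemp(prefix="moodle_code_")
    lib = os.path.join(root, "lib")
    os.mkdir(lib)
    for rel, mode in (("config.php", 0o644), ("lib/setup.php", 0o666),
                      ("lib/secret.php", 0o600)):
        path = os.path.join(root, rel)
        with open(path, "w") as fh:
            fh.write("<?php\n")
        os.chmod(path, mode)
    os.chmod(lib, 0o755)
    os.chmod(root, 0o755)
    return root

if __name__ == "__main__":
    root = build_sample_tree()
    owner = os.lstat(root)
    # Hypothetical web account: neither the owner nor in the owning group
    print("separate:", audit_code_tree(root, owner.st_uid + 1, {owner.st_gid + 1}))
    print("web owns code:", audit_code_tree(root, owner.st_uid, set()))
```

When the audited account is the owner, every path in the sample tree is reported as writable, because the owner class carries the write bit on all of them.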