The setgid bit on a directory only ensures that the files created inside the directory are also owned by the group that owns the directory. It does not affect the permissions granted to the group (the middle three bits).
What you want is to override the default permission bits for files created inside the directory, i.e.:
setfacl -m default:user:www-data:rwx foobar/
The ACLs on foobar/ should look like this:
foobar% getfacl .
# file: .
# owner: www-data
# group: www-data
user::rwx
group::r-x
other::r-x
default:user::rwx
default:group::r-x
default:group:www-data:rwx
default:mask::rwx
default:other::r-x
And if you create a file with a restrictive umask...
foobar% umask
077
foobar% touch foo
foobar% ls -l
total 0
-rw-rw-r--+ 1 www-data www-data 0 Apr 2 11:18 foo
Notice that there's the + at the end of the first column, indicating that ACLs are present and you should use getfacl to see the full picture.
foobar% getfacl foo
# file: foo
# owner: www-data
# group: www-data
user::rw-
group::r-x #effective:r--
group:www-data:rwx #effective:rw-
mask::rw-
other::r--