The trick is to write to a directory where you have permissions. Usually /tmp/ does the trick, or you can set up a directory with write permissions in advance.

It really depends on your use case what solution is the best.

From a security perspective it is best to avoid giving www-data write permissions to any directories that web server uses (for configuration or as a document root)