It just got a bit more odd ...
So, I decided to
header('Location: page.php') in the hope that requesting the page anew would solve the problem. It didn't. I had to refresh again (?!) to get the correct result.
Then ... I put it on my external server to show someone what was happening and it worked as expected on that server.
I haven't tried my original approach (including data.php twice) on the external server as I'm confused enough already and the issue is solved in a functional sense - I can hand the page over to the user as is.
But I still want to know what/why/how did this happen (it's definately bothering me that I don't understand this) so I'll leave this open for a bit in case anyone has any pointers.
Thanks to all for your help.